One of the most popular apps of the moment has just been involved in quite a controversy. Shortly after being accused by the United States of stealing user data, TikTok, which generated $ 17 billion in revenue in 2019, now faces opposition from the Anonymous group – which posted the following message on its social networks: ” Delete TikTok now. “
“If you know someone who uses it, explain that it is essentially malware operated by the Chinese government – responsible for a massive spying operation.”
Complementing the post, the information the app supposedly has access to was included, discovered from the analysis of its code carried out by a user of the Reddit forum. Are they:
Equipment hardware, such as CPU, screen size and resolution, use of memory and disk space, in addition to other data;
All applications installed on the device and also those uninstalled, either before or after the inclusion of TikTok;
Network data, including WiFi access name and router IP;
Presence of root or jailbreak on the device;
Real-time location via GPS, updated every 30 seconds.
Danger in sight?
Apparently, according to the whistleblower, the application makes it difficult to analyze the code with algorithms that change its construction with each update “so that no one knows what information it is getting” – also allowing the installation of a proxy that helps in the transcoding of media, which can be exploited for not having authentication.
“There are pieces of code that cause Android to download a ZIP file, extract its data and execute it. There is no reason for that.”
“The most frightening part of all this is that everything is remotely configurable, unless every detail of the code is manually adjusted by the user, in isolation. There are several protections to prevent you from reversing the process “, he says.
Responding to allegations of association with the Chinese government, TikTok claimed to have hundreds of employees in the U.S., to have partnered with world-class security companies to correct problems related to user privacy and to take the attacks seriously.
A guy on reddit reversed engineered #TikTok
Here’s what he found on the data it collects on you
It’s far worse than just stealing what’s on your clipboard: pic.twitter.com/oqaQyYDXT2
— Dan Okopnyi 🇺🇦 (@d1rtydan) June 28, 2020