TikTok is fast becoming one of the largest social networks. It has more than 800 million users worldwide, and about half of its users are 16-24.
TikTok has had privacy concerns for some time. Recent data paints a very ugly picture of how TikTok works to destroy your privacy.
Today, we’ll take a detailed look at how TikTok compromises your smart device and what you can do about it.
Snooping on your clipboard
Okay, then TikTok will grab the contents of my clipboard with the press of 1-3 keys. iOS 14 sips it with a new connection notification pic.twitter.com/OSXP43t5SZ
– Jeremy Burge (@jeremyburge) June 24, 2020
While it’s a fairly well-known fact that most apps collect user data for advertising and telemetry reasons, TikTok seems to take it to the extreme. As Twitter user Jeremy Burge shows, the contents of his clipboard are copied to TikTok every few seconds, even when he’s not using the app.
Copying from the user clipboard is not something unique to TikTok. Other applications do this to provide the user with even better functionality, and do not use it as a data collection method. There is no way to tell which applications are scanning the clipboard as part of their function and which are simply digging up your data.
It’s getting worse
Copying data from the clipboard so often may seem strange, but not inherently dangerous. Unfortunately, it’s not as simple as Forbes author Zak Doffman explains:
“The acute problem with this vulnerability is Apple’s universal clipboard feature, which means my iPhone can read anything I copied from my Mac or iPad, and vice versa. So if TikTok is active while working on your phone, the app can basically read anything and everything you copy on another device: passwords, work documents, sensitive emails, financial information. Anything.”
This behavior, either intentionally or as a result of bad code, is quite worrying. It is fair to say that exploiting this vulnerability may not have been the original intent of the TikTok development team.
However, later in the same Forbes article TikTok doesn’t seem to be able to tell if the clipboard is snooping “spam blocking” or a bug in the Google Ads Software Development Kit (SDK).
One reason we now know much more about how TikTok works is a Reddit user named bangorlol. Inside something is now commenting on a deleted post criticizing TikTok they describe how they designed the application at the cancellation stage and what they found.
This thread, along with some other citizen-investigative journalism, show that TikTok is either a morally corrupt or incompetent developer. Neither is good for your safety. U / bangorlol lists the main ways TikTok collects and manipulates your information:
- “Telephone hardware (cpu type, number of courses, hardware IDs, screen dimensions, dpi, memory usage, disk space, etc.)
- Other apps you’ve installed (I have even seen some poistani to appear in their analytics for the payload – may be using the intermediate memory)
- All network related (IP, local IP, router Mac, Mac, wifi access point name)
- Whether you are rooted / unpacked
- In some variations of the application, GPS pinging was enabled at the time, approximately once every 30 seconds – this is enabled by default if you never mark an IIRC message
- They set up a local proxy on your device to “media encode,” but it can be misused because it lacks authentication ”
Add to this the fact that TikTok includes code that allows you to download a remote zip file before extracting and executing its contents, and things are starting to look really scary.
Time to remove TikTok?
Because of so many security breaches, there is certainly no reason to continue using TikTok? Some developers disagree. While TikTok takes it to the extreme, almost every application you use collects your data.
One aspect of the TikTok controversy seems to have been neglected. Both Google and Apple have standards that all businesses must adhere to in order to get their apps listed in Play and App Stores. While this does not completely protect you, it seems unlikely that one application will work in a way that is different from others on the same platforms.
Whether you think this is a good thing or further proof that the security of smartphones is in a terrible place.
It’s not just TikTok
Recently, news related to TikTok makes it easy to forget that they are far from the only company that has been criticized for its shady use of information. Facebook has repeatedly proven to be a privacy nightmare.
4 reasons why Facebook is a security and privacy nightmare
They routinely follow users in ways that far exceed TikTok’s accusations. Very few users ended up leaving Facebook because of these allegations, and TikTok may be the same.
Another popular view of the TikTok controversy is that while security issues are serious, they are looked at more closely because of political tension. India has already banned many Chinese apps, including TikTok, and the United States is considering a similar ban. It says both countries have both difficult relations with China.
What comes next for TikTok Security?
Bangorlol’s original post on Reddit as well as posts from Twitter users caused unrest. There is now real momentum around the TikTok privacy issue, and a small community has grown to reveal what TikTok might be ready for.
One pole for this work is TikTok cancels subreddit started bangorlol. It now has over 1,000 members who learn more about the app.
Social media undermines security
TikTok’s security issues are nothing new, and while it’s worrying, there are ways you can make your account more secure.
One thing is for sure, though: TikTok and most other social media apps ruin your security on a daily basis. Leaving TikTok can be a good start, but the only way to be sure is get away from social media altogether
What happens when you quit social media? 6 learned the thing
Notification of subsidiaries: By purchasing the products you recommend, you help keep your site alive. Read more.