Tech researchers' analysis of popular social media app TikTok’s source code has revealed some alarming things about how accessible your personal data is.
Researchers from Australian cybersecurity firm Internet 2.0 published a deep-dive into the social media application on both Android and Apple devices between 1 and 12 July this year.
They determined the "TikTok mobile application does not prioritise privacy" and say it’s undertaking "excessive data harvesting”.
Analysis of popular social media app TikTok’s source code has revealed some alarming things about how accessible your personal data is. (Source: 1News)
The 15-page report notes in some instances where the app checks the device's location at least once per hour. It says TikTok has persistent access to the calendar on the user’s phone.
Researchers also discovered the app is able to assess all other running apps on the phone and know what other applications are installed on the device too.
Speaking to the ABC, Internet 2.0's Robert Potter said there wasn’t specific evidence that TikTok was using the apps vulnerabilities to actually harvest data.
"We don't have visibility over exactly what's being pulled," he said.
"All we can say is that TikTok grants itself permission to pull the data."
Internet 2.0 has also highlighted concerns about the Apple version of the app with a server connection to mainland China "which is run by a top 100 Chinese cyber security and data company Guizhou Baishan Cloud Technology Co., Ltd.".
Researchers were unable to find a similar connection in the Android version of the app.
Robert Potter says it’s not clear what, if any, data is being sent to China.
“Under close examination, we saw it connecting to servers around the world, including in China.”
He also noted that other apps will have server links to China, but claimed the company hasn’t been fully transparent in the past, warning that this was only likely to fuel concerns about the app.
TikTok has responded to the claims raised in the report. In a statement to Australian news outlet Crikey, it said the “IP address is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China".
"The researchers’ conclusions reveal fundamental misunderstandings of how mobile apps work, and by their own admission, they do not have the correct testing environment to confirm their baseless claims."
SHARE ME