An IT security company has audited video app TikTok for data protection. Result: TikTok collects the data of all the apps installed on the phone. It also appears that the app is still connecting to a server in China.
This is not the first time that the popular video app TikTok has been criticized over data protection. An analysis by a US-Australian IT security company now brings the platform operated by the Chinese company ByteDance back into the spotlight.
Internet 2.0 published a report showing that TikTok treats privacy as a secondary priority. In addition, the app appears to be secretly connecting to Chinese servers.
Data protection is a low priority at TikTok
The company’s report is a technical analysis of the source code of the TikTok mobile applications for Android (25.1.3) and iOS (25.1.1). The investigation focused on device data collection. The findings are especially notable for iPhone users.
Permissions and device data collection are overly intrusive, the report says, and are not necessary for the application to work. For example, the video app accesses the smartphone’s location, as well as the calendar and all contacts. In addition, TikTok obtains device information such as the serial number, SIM serial number and MAC address of the device.
According to the analysis, the app retrieves a list of all other running and installed apps on the phone. In theory, this information could be used to build a realistic picture of the smartphone.
What is particularly eye-catching: TikTok accesses all user accounts on the device in the background. According to the Internet 2.0 study, the application can also read the clipboard. This is especially dangerous because password managers also use the clipboard.
TikTok secretly connects to China
In addition to the general disregard for data protection, the IT specialists also noticed that TikTok on iOS, the iPhone operating system, appears to establish a server connection to mainland China.
TikTok has explicitly stated that the video app’s user data is stored in the US and Singapore. In addition, according to TikTok, the application makes no connection to the Beijing-based division of ByteDance. However, during the investigation, the Internet 2.0 team discovered that the iOS app’s subdomains were being resolved all over the world, including in Baishan, China.
During the analysis, we could not determine with great certainty the purpose of the connection to the Chinese server or the location where user data is stored.
However, the team found that the IP address leading to China changed its location regularly. A connection to Baishan was seen from a number of different IP addresses during the course of the investigation. Interestingly, Baishan is home to the cybersecurity company Guizhou Baishan Cloud Technology, which operates a joint data laboratory in cooperation with the local university.
According to Internet 2.0’s analysis, only the iOS version of TikTok showed these server connections to mainland China. In the Android version, the IT specialists could not find any direct connection to the Chinese server.
TikTok denies connecting to Chinese servers
The report concludes that most of the permissions and device data collection are unnecessary for TikTok to function properly. The research group therefore concludes that the only reason for collecting the data is to collect it. Ultimately, this is of interest not only to users but also to politicians.
The goal of this report is to help policymakers and legislators make evidence-based decisions.
Former US President Donald Trump already tried to enact a ban on TikTok during his tenure. He cited security concerns and potential Chinese espionage as reasons. However, current President Joe Biden withdrew the ban.
According to the Mirror, TikTok disagrees with the report’s findings. The company says the IP addresses are in Singapore and the network traffic does not leave the region, and that it is patently false that there is any communication with China.