TikTok engages in excessive data collection
TikTok engaged in excessive data collection and connected to mainland China-based infrastructure, Internet 2.0 claimed in a new white paper.
The latest report, overseen by Chief Internet 2.0 Security Engineer Thomas Perkins, is an analysis of the “source code for TikTok Android 25.1.3 mobile apps as well as IOS 25.1.1”, along with Internet 2.0 performing static and dynamic tests. between July 1 and July 12, 2022, focused on collecting device and user data.
The report identified several instances of unwarranted data collection, including:
- Device mapping
- Hourly device location monitoring
- Persistent calendar access
- Ongoing Contact Access Requests
- Device Information
The number of users on TikTok and its prominent position in the market, where, according to the report, the application has more than one billion active users worldwide as of September 2021, intensifies the problem of overreach. .
The whitepaper goes on to note that TikTok IOS 25.1.1 has a server connection to mainland China, which according to Internet 2.0 is operated by Chinese cybersecurity and data company Guizhou Baishan Cloud Technology Co., Ltd. Although TikTok claims that user data is stored in Singapore and the United States, the report found evidence of “numerous subdomains in the IOS app resolved around the world.” This included Sydney, Adelaide and Melbourne (Australia), Utama and Jakarta (Indonesia), Kuala Lumpur (Malaysia) and Baishan (China). The report’s analysis could not determine with certainty “the purpose of the connection to the Chinese server or where user data is stored”.
The document concluded by stating that for TikTok to operate effectively, most of the access and data collection data observed on devices is unnecessary, as the app can operate successfully “without any of this data being collected. “. Internet 2.0 inferred that the sole purpose of collecting this information is data collection. The report’s conclusion also noted the app’s persistent behavior of asking users to reverse their preference decisions to access sought-after data.
Internet 2.0 put all their research on TikTok for comment and verification. However, the app company declined to report on details of its China-based infrastructure.