TikTok is an app popular with teens and young adults. It’s a social media platform where users can share short-form videos, similar to Vine or Snapchat. It has frequently been in the news lately over its security, with multiple publishers and companies releasing information about the app. It all started when in 2019 the Peterson Institute called the app a national security threat.

Then with the iOS 14 betas we saw that TikTok secretly accesses data on your clipboard, thanks to a new security feature in the OS. Now, even the U.S. government considering a ban on the app. Here’s what the experts say.

Researching TikTok

First, we have the Redditor who claimed to have reverse engineered the app. User “bangerlol” says the app collects a lot of information from your phone, like the hardware components, apps you have installed, network data, whether you’re rooted/jailbroken, and leak your email address(s) in the apps HTTPS REST API.

Penetrum TikTok overview

Penetrum’s brief overview of TikTok

Next, we have security firm Zimperium. Its full analysis of TikTok is behind a barrier (you’ll need to give them your company name, title, email address, etc). Using its z3A Advanced Application Analysis it said both the iOS and Android versions of TikTok has high privacy and medium security risks, with a score of 98/100 for privacy and 82/100 for security (high score is bad).

Another security firm, Penetrum, made its TikTok analysis easily available for everyone. The main PDF reveals that TikTok’s level of data collection is, like u/bangerlol found, excessive.

Finally, in ProtonMail’s examination of TikTok’s privacy policy, the amount of data the app collects is right there in the open. Data includes your IP address, browsing history within the app, your mobile carrier, location data like GPS coordinates, your device’s IMEI number and possibly its IMSI number, and every single action you take within the app.

Conclusion

It seems safe to say that TikTok is both a privacy and security threat. There is back-and-forth debate on whether the company has links to the Chinese government, but it’s plain to see from the data that this isn’t wholly a political debate. This includes what its own privacy policy states. If you’re concerned about your privacy and/or security you may want to give TikTok a pass.

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

3 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
wab95

Andrew:   A greatly appreciated PSA.    At the risk of being batched with the naive Westerners (not a common accusation for yours truly), the penetrum.com review is particularly detailed and damning. As you state, it’s not what anyone, including it’s developers, have to say about the app, it’s what forensic level analysis reveals about the app’s behaviour. Actions trump words (no political reference intended). To whomever this app is ultimately communicating, or whose interests it serves, it clearly is not serving those of the user.    While I don’t fit the demographic of the novel social media app early adopter,… Read more »

“Weather the company has links to the Chinese government”???
How naive can a Westerner be?