Tech

Redditor who reverse-engineered the TikTok app claims it's a huge data collection scheme

"TikTok is a data collection service that is thinly-veiled as a social network."

Reddit user 'bangorlol'

PHILIPPE LOPEZ/AFP/Getty Images

It seems TikTok faces skepticism about its behind-the-scenes practices just about every other day. The latest drama for the app comes from a Redditor by the name of “bangorlol” who claims the app is essentially just a front to collect large swaths of data about its users.

Existing on the internet in 2020 is to accept that, at least some of the time, your data is being tracked and utilized by tech companies. Just about every app and website is guilty of it. But, as this Reddit post points out, none of the other popular social networking apps track their users to quite the extent that TikTok does.

Being that this Redditor’s reverse engineering of the TikTok app is an independent study without much hard proof to back it up, it’s important to take this information with a grain (or two) of salt. That being said: this isn’t the first time we’ve heard damning whispers about TikTok’s penchant for broad and unwieldy data-collection. Still the app continues to thrive.

If there’s one lesson to learn here, it’s that TikTok and the larger tech world are in dire need of increased transparency.

Data-collection chaos — The data allegedly being collected by TikTok ranges far and wide, extending way past what’s considered normal by tech industry standards. “If there is an API to get information on you, your contacts or your device...well, they’re using it,” writes bangorlol.

Here’s a brief run-down of the information TikTok is allegedly collecting from its users:

  • Phone hardware information, including CPU type, screen dimensions, memory usage, and hardware IDs
  • Other installed apps
  • Network information (IP address, MAC address, WiFi access point name, and router MAC address)
  • Jailbreak information, if applicable
  • GPS pinging (if you’ve ever location-tagged a post)
  • Local proxy server set-up with no authentication

Not the first reports — Worries over TikTok’s potential for exploiting user data have been around for basically as long as the app has been popular. That’s led to some pretty serious bans — U.S. Army operatives aren’t allowed to use it, for instance, and the TSA asked employees to stop using it at work in February.

But hard evidence is hard to come by in the case of TikTok. There are at least two ongoing official U.S. investigations into TikTok, but neither has released any results.

High-level executives, such as Reddit’s CEO and Facebook COO Sheryl Sandberg are willing to publicly condemn TikTok as a threat, but none have brought hard evidence to the table to back up their claims. Instead, abstract “security concerns” are cited and re-cited — and they’re beginning to come off more as alarmist than realistic.

Anti-China sentiment — All it takes is a cursory review of the replies under bangorlol’s Reddit tell-all to understand that this isn’t just about data privacy — it’s about China. More specifically, it’s about the U.S.’s fear of China.

Back in January 2019, the Peterson Institute set off all this concern over TikTok by publishing a report calling the app a national security threat. Basically every report condemning TikTok since has cited that report, or at the very least piggybacked off its research.

Here’s the thing about that report: it centers on privacy concerns in China, rather than on TikTok itself. Peterson essentially called the app a threat because of its immense popularity and its parent company ByteDance’s roots in China.

More transparency, please — It’s impossible to tell whether or not bangorlol’s assessment of TikTok is correct; the post notes that all of their documentation has been lost to a motherboard failure. And even if their assessment is factual, there’s no proof that TikTok is actually collecting this information on any servers or using it in any way.

What we really need from TikTok is more transparency about what data it’s collecting from users and how that data is stored and used by the company. This is true across the board, though — just about every tech company could benefit from being more transparent. Users deserve to have a complete understanding of how and why their data is being collected.

Rather than face privacy concerns head-on, TikTok and ByteDance continually attempt to skirt them with convoluted location-based developer restrictions and subterfuge about where, exactly, the company is headquartered.

Anti-TikTok sentiment has mostly quieted down in the U.S. amid larger concerns like the COVID-19 pandemic and racial equality protests. But this isn’t over for ByteDance. As recently as last month, a European Union watchdog set up a task force to assess TikTok’s privacy risks.

TikTok may be massively popular right now — but if it hopes to achieve long-term success, the company behind it will need to learn to be more open about how it handles user data.