In the last few days, there have been reports on Twitter about the strange operation of TikTok on Apple devices. The app is said to access our clipboard. In light of these developments, a post with a thorough analysis of the app, which shows why it may be dangerous, enjoys great interest.
Bangorlol is the author of the entry. He deals with reverse engineering - examines apps in terms of their operation and execution. One of them was TikTok. The information about the application that bangorlol shared with Reddit users are really disturbing. The post is being updated on an ongoing basis.
The author of the entry describes TikTok as "malware that is targeting children". It turns out that the product of the Chinese corporation is able to obtain huge amounts of information. Bangorlol claims that compared to Facebook or Twitter, ByteDance's application collects much more of it. "It's like comparing a cup of water to the ocean," says the author.
What data can ByteDance's app access? According to research conducted by bangorlol, the list includes:
- Any information about the phone hardware which we use;
- Other applications installed on the device (interestingly, the author found the records also about those he previously deleted);
- Any network-related information;
- The application checks if the device has access to the root, or if we made a jailbreak;
- Some versions of the app send GPS data every 30 seconds (the author claims that this is enabled by default if we once added a post with location marker);
- TikTok sets up a local proxy server on the device (for media transcoding, but according to the author of the study, due to lack of any authentication, the server can be easily abused).
Bangorlol mentioned that the developers are trying to make the analysis of the application's operation more difficult. What's more, if we would like to prevent the collection of data ourselves, the application simply won't work. The author also managed to find some fragments in the code in the Android version, which may enable remote downloading of a zip files, unpacking them and running their content, and according to him the application doesn't need such a feature.
What do you keep in the clipboard?
For a few days now, developers can take part in beta-tests of iOS 14. One of the new features offered by Apple is the information about pasting clipboard content. As it turned out, while using TikTok, the clipboard usage notification pops up every few keyboard touches. But the text doesn't appear anywhere, or at least isn't visible.
This problem came to light as early as March, when a video showing how the app tries to read the content of the clipboard appeared on myskapps channel. Forbes raised the issue - initially ByteDance said it was caused by old Google advertising tools and the problem was fixed. With the new feature included in iOS 14, the topic came back, and this time the creators of TikTok said that the anti-spam tool is to blame for all the confusion and it is its action that triggers the message. ByteDance informed that a version without anti-spam function has already been sent to App Store. However, we do not know what about the Android application.
- TikTok - official website