TikTok has become the hot new platform to distract us all from encroaching doom and I, for one, absolutely love it. It’s full of funny creators, new ideas, and young people changing the world. Compared to Twitter and Facebook, it’s an absolute delight. But is TikTok safe?
Like all fun things these days, it’s too good to be true.
An engineer named Bangorlol posted a comment on a recent Reddit thread about TikTok security in which he basically says no, TikTok isn’t safe. His career is based on “reversing mobile applications, analyzing how they work, and building additional third-party functionality around them,” he told BP. Doing this to TikTok was kind of a personal project, but he was so freaked out by the results that he had to share them.
“So I can personally weigh in on this. I reverse-engineered the app, and feel confident in stating that I have a very strong understanding for how the app operates (or at least operated as of a few months ago),” he wrote in his epic comment.
“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.”
Some of the things they collect, according to what he can tell, are “phone hardware (CPU type, number, of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc),” other installed apps, your entire internet network, whether you’re rooted or jailbroken, and they ping your GPS every 30 seconds and a proxy server to “transcode media” with no authentication.
Much of that sounds like nothing to non-coders, but it’s a huge difference from standard social media platforms, which aren’t known for their security and respect for privacy to begin with.
He also emphasized the ways in which TikTok tries to disguise what it’s up to, writing, “They have several different protections in place to prevent you from reversing or debugging the app as well.”
“App behavior changes slightly if they know you’re trying to figure out what they’re doing.”
And this info they’re collecting isn’t particularly protected on their end, because it’s been leaked.
He also pointed out how the app manipulates people into using it:
They provide users with a taste of “virality” to entice them to stay on the platform. Your first TikTok post will likely garner quite a bit of likes, regardless of how good it is... assuming you get past the initial moderation queue if that’s still a thing. Most users end up chasing the dragon.
He mentions a host of creepy old men on the platform as well, who are able to direct message kids. Unfortunately, this is an issue across platforms, but definitely worth mentioning if your children are using TikTok without much oversight.
“For what it’s worth I’ve reversed the Instagram, Facebook, Reddit, and Twitter apps,” he concluded. “They don’t collect anywhere near the same amount of data that TikTok does, and they sure as hell aren’t outright trying to hide exactly what’s being sent like TikTok is. It’s like comparing a cup of water to the ocean – they just don’t compare.”
He then added a tl;dr:
“I’m a nerd who figures out how apps work for a job. Calling it an advertising platform is an understatement. TikTok is essentially malware that is targeting children. Don’t use TikTok. Don’t let your friends and family use it.”
Bangorlol told Bored Panda that he thinks data mining has become so normalized that people aren’t even distressed by this information.
“The general consensus among most ‘normal’ people is that they can’t/won’t be targeted, so it’s fine. Or that they have nothing to hide, so ‘why should I even care?’ I think the apathy is sourced from people just not understanding the security implications (at all levels) of handing over our data to a foreign government that doesn’t discriminate against who they target, and also doesn’t really have the best track record when it comes to human rights,” he said.
He has recently updated his comment with even more information, including other papers and analysis of the platform, if you want to dive deeper.
“TikTok might not meet the exact criteria to be called ‘Malware’, but it’s definitely nefarious and (in my humble opinion) outright evil,” Bangorlol said. “There’s a reason governments are banning it. Don’t use the app. Don’t let your children use it. Tell your friends to stop using it. It offers you nothing but a quick source of entertainment that you can get elsewhere without handing your data over to the Chinese government. You are directly putting yourself and those on your network (work and home) at risk.”