This researcher claimed to have reverse-engineered the TikTok app, and unveiled alarming privacy aspects

Most social media platforms have gone through privacy and security scandals at least once, and according to an app researcher, TikTok has also joined that privacy disaster league.

Around 2 months ago, Reddit user ‘Bangorlol’ commented on a discussion about TikTok, claiming to have successfully reverse-engineered it. He advised users to stop using the app and to tell their friends and family to stop using it as well, due to its intrusive user tracking, among other serious problems. In light of this, the fact that TikTok was the most downloaded app at the start of 2020 on both the Apple and Google app stores is worrying.

He claimed that he has a strong understanding of how the app works and stated that it was a data collection service thinly disguised as a social media platform. The app tracks users' phone hardware, meaning CPU type, hardware IDs, memory usage, disk space, etc.

It also tracks the apps you have installed. In addition to all this, everything network-related, such as IP addresses, MAC addresses, WiFi access points, etc., is also monitored. It tracks if your phone is jailbroken or rooted. Some variants of the app have GPS pinging enabled, meaning the app was sending the user's live location to HQ every 30 seconds. This option was auto-enabled if the user added their location to their posts. The app sets up a local proxy server on devices for "transcoding media", but this was clearly an excuse to steal user info. The app leaked users' email and secondary email used for password recovery, as well as users' real names and birthdays.

The developer of the TikTok app leverages a viral-sensation technique to keep existing users and to gain new ones. It is extremely likely that users' first posts garner quite a few likes and comments to encourage them to continue using the app. Usually, this strategy succeeds, and users end up chasing the unicorn.

Not to mention how the app is an advantage to pedophiles as there have been numerous reports of old men doing duets with underage girls to NSFW songs.

TikTok does not want users to know how much information it collects, and the security implications of all that data together are enormous. All of their analytics requests are encrypted, and the keys change with every update. They have also configured the system so that if a user blocks communication to their analytics host, the app will not function.

Twitter, Facebook, Instagram, and Snapchat do not collect anywhere near the amount of data TikTok does, and they don't try to hide the data being sent as explicitly as TikTok.

All this being said, Bangorlol is not a conspiracy theorist, nor are his claims speculation. He has invested a decent amount of time in IT, and the last few years of his career have been devoted to reverse-engineering and analyzing how apps work. Bangorlol devotes his time to analyzing how apps work and what functions those apps don't provide users; he then works to build third-party tools like apps, websites, and extensions that give users the missing functionalities.

It reportedly took the Chinese development team 200 days to create the original version of TikTok, but Bangorlol was able to crack it with ease, although the system did put up a struggle. TikTok puts a lot of effort into preventing people like Bangorlol from figuring out how their app works. There's a ton of obscurity at all levels of the application. They hide functions, stop debuggers from attaching, and use a whole host of other sneaky tricks.

This level of secrecy is fathomable, as TikTok's revenue has risen considerably. With the increase in popularity of the parent company, ByteDance, it has generated a profit of 3 billion U.S. dollars.

Bangorlol thinks that today's society has grown used to giving away its private info. People nowadays do not understand the implications if their private information is leaked, and it is vital to educate people on the importance of their private information and spread awareness of the consequences of stolen information.

That being said, people should double-check where they use their private information and be aware of the various ways their information can be stolen.


Photo: Thomas Trutschel | Photothek | Getty Images
