By installing mobile applications on a smartphone, few people realize that they are exposing themselves to the risk of theft of confid...
By installing mobile applications on a smartphone, few people realize that they are exposing themselves to the risk of theft of confidential information, nevertheless, such a possibility really exists. Dozens of mobile applications were seen in the fraud with the interception of personal data: programs for games, entertainment, communication, news viewing and so on. Among them is the popular TikTok app, which has recently been increasingly accused of mass surveillance of users. According to several studies by programmers, TikTok collects a shocking amount of information - many times more than Instagram, Facebook or Twitter. Who specifically and why accuses the application of espionage and what its creators say in response - read the details in the material.
Class action lawsuit filed against TikTok in winter
The first allegations of espionage emerged back in December 2019, when a class action lawsuit was filed against TikTok and the Beijing company ByteDance, which owns it, in the US District Court of California. The lawsuit accuses the application of secretly collecting user personal data and then transferring it to remote servers based in China.
In particular, the document states that the privacy policy of the application is highly "ambiguous" , which allows the identification and tracking of users in the United States. In this way, the company can benefit from the intended activity of this kind, since this data can be used to serve targeted advertisements. It is also claimed that TikTok can collect biometric data about its users by processing videos, where people's faces are very often shown in close-ups. When a user shoots a video and clicks the Next button, the videos are transferred to different domains without their knowledge. Moreover, this happens even before the user saves or posts the video to his account.
"The carefree fun with TikTok comes at a high price," said the lawsuits.
In the spring, TikTok fell under the gun of programmers
At the end of March, programmers Talal Hai Bakri and Tommy Misk conducted a study and found that more than 50 smartphone applications, including TikTok, secretly collect user data. According to them, this data may contain bitcoin addresses, links for password recovery, fragments of personal correspondence and other confidential information that falls into the clipboard.
The researchers posted a video about the work done on their YouTube channel. It notes that applications regularly access the clipboard, although they are not required to make them work. A reasonable question arises - then for what? Even if we assume that this is just a common oversight of the developers and they are not plotting anything malicious, the situation itself still creates a certain discomfort - why, with each copy / input of data, you need to be afraid that it can be stolen and subsequently compromised? After all, there are no guarantees that this will not happen.
In parallel, another software engineer conducted his own investigation. He posted the results on his Reddit account under the nickname bangorlol. At the moment, the original post has already been edited, but the original is still preserved thanks to this tweet.
The guy on Reddit showed the flipside of TikTok. Here's what he found in the data the app collects about you. This is much more serious than just stealing from the clipboard.
In particular, bangorlol said that the service receives both personal information of users and data from their devices - the spectrum is incredibly wide. He also found out that for a long time the application did not use a secure https connection, and therefore the emails of users, their names and dates of birth were available for viewing.
In addition, the programmer noted that he analyzed Instagram, Facebook and Twitter and found that all of them together collect much less information than TikTok. Summing up the results, bangorlol urged people to remove the malicious app from their phones.
TikTok is capable of universal surveillance
Often espionage goes beyond a single device. So, if two or more Apple devices use the same Apple ID and are located within three meters of each other, they use a common clipboard , that is, content can be copied from one device to another. Thus, all connected devices risk falling prey to an interceptor program installed on at least one of them. Tommy Misk also recorded a video about this . He stressed the extreme danger of the situation and urged people to be extremely careful.
Then, in March, as reported by The Telegraph, a TikTok spokesman promised to fix the problem within the next few weeks. But, as it turned out recently, he did not keep his promises.
IOS version 14 brought spies to clean water
Recently, an updated version of the iOS mobile operating system was released, which is still available only in beta testing mode. The added function warns the user whenever any of the applications installed on the smartphone is about to read the contents of the clipboard.
Once they started using iOS 14, testers quickly realized how many apps are trying to get into their personal data and how often they do it. At this very brief video that just a week after the publication has gained nearly 130 000 views, demonstrated how the withdrawal notification is happening on the screen.
The update made it clear that the TikTok team did not keep their March promises. As it turned out, information from the clipboard is still being collected, and at an incredible speed. One of the beta owners wrote about this on Twitter, attaching a video to prove it.
Well, TikTok grabs the contents of my clipboard every 1–3 keystrokes. iOS 14 knocks on it with new notifications.
In addition, the hacker group Anonymous, known for its controversial reputation and high-profile statements, including against the Minneapolis police in connection with the recent events in the United States , actively opposes TikTok . On Twitter, they launched a real "anti-Tiktok" campaign with radical statements and loud calls.
Uninstall TikTok now. If you know the people using this application, explain to them that it is actually malware controlled by the Chinese authorities who organized a massive spy operation.
Moreover, members of the hacker organization believe that TikTok helps the Chinese authorities not only collect data, but also conduct detailed analysis of the platform's user behavior. Notably, 69% of TikTok users are teens and young adults between the ages of 13-24.
Tiktok collects data on children / adolescents in order to monitor market reach and political development in order to find the best ways to enforce them over the next 5-10 years. This gives China an advantage in manipulating wide sections of society in a number of countries at once.
According to one Forbes contributor, this puts TikTok in a rather unique position, since confrontational parties have united against it in the same case: governments of different countries, including the United States, and a hacker group.
How TikTok reacted to the situation
After a new wave of publications about TikTok rose on social networks, company representatives made a statement:
“After launching the test version of iOS 14, users saw relevant alerts when using some popular applications. As far as TikTok is concerned, this was done to protect against spam. We have already updated the app in the App Store, removing this feature to avoid possible misunderstandings. TikTok protects the personal data of users and the transparency of our application. We look forward to inviting external experts to our “Center for Transparency” later this year. ”
Indeed, in the latest blog update, Talal Hai Bakri and Tommy Misk took TikTok off the list of clipboard readers. However, the credibility of the application has already been significantly eroded, and there is no guarantee that its developers will not go for some new tricks.
In this regard, Misk said that the notification feature in iOS is a good start, but ultimately Apple and Google need to do more:
- First : enable the function of allowing access to the clipboard only on request, as the procedure for accessing the microphone or camera of the device is currently taking place.
- Second : oblige developers to provide full information about what data the application will access and for what purpose.
Why is TikTok more dangerous than other interceptor apps?
Of course, all applications that secretly collect user data are potentially the same danger. However, the scale of the spread of this danger directly depends on the size of the audience using the application. It is for this reason that whistleblowers have put TikTok in one of the first places - its popularity is growing at a rapid pace.
Based on Apple's annual reports of the most downloaded apps on the iPhone, TikTok was ranked 16 by the end of 2018 , and a year later it climbed to fourth, behind YouTube, Instagram and Snapchat. However, the growth of his popularity is unlikely to stop there.
According to Bloomberg, in the first quarter of this year alone, TikTok was downloaded 315 million times, which is almost half of the downloads for the entire last year. So the potential is there - at the moment it has over 800 million users. Now imagine that this entire huge audience is threatening the confidentiality of their personal data every second. The problem is massive indeed.
Never lose your guard
In conclusion, we recall that the issue of the safety of personal data is extremely important, including for crypto holders. At the moment, users of smartphones, tablets and other devices should be aware that all information stored in the clipboard can become available to any of the installed applications. And in the case of a shared clipboard, like on Apple devices, a leak is possible even through nearby connected devices.
If you have even the slightest suspicion of surveillance, do not forget to clear the clipboard after use, for example, instead of copying important information, a piece of any "left" text. Generally speaking, it's best to do this every time as a precaution.
