TikTok scandal: how the application gets access to PTS addresses and more


When installing mobile applications on a smartphone, few people realize that they are at risk of having confidential information stolen, yet the risk is real. Dozens of mobile applications have been caught intercepting personal data: programs for games, entertainment, communication, reading news and so on. Among them is the popular TikTok application, which has recently been increasingly accused of mass surveillance of users. According to several studies by programmers, TikTok collects a shocking amount of information - many times more than Instagram, Facebook or Twitter. Who specifically accuses the application of espionage and why, and what its creators say in response - read the details in this material from DeCenter.

In winter, a class action lawsuit was filed against TikTok

The first espionage accusations came back in December 2019, when a lawsuit was filed in the U.S. Federal District Court of California against the TikTok service and the Beijing company ByteDance, which owns it. The lawsuit accuses the application of secretly collecting users' personal data and transferring it to remote servers based in China.

In particular, the document states that the privacy policy of the application is very "ambiguous", which allows the identification and tracking of users in the United States. The company can benefit from the alleged activity, since this data can be used to display targeted advertising. It is also claimed that TikTok can collect biometric data about its users through video processing, since people's faces are often shown in close-up. When a user shoots a video and clicks the “Next” button, the videos are transferred to different domains without his knowledge. Moreover, this happens even before the user saves the video or posts it to his account.

“Carefree fun with TikTok comes at a high price,” said the initiators of the lawsuit.

In spring, TikTok came to the attention of programmers

At the end of March, programmers Talal Haj Bakry and Tommy Mysk conducted a study and found that more than 50 smartphone applications, including TikTok, covertly collect user data. According to them, this data may contain bitcoin addresses, links for password recovery, fragments of personal correspondence and other confidential information that ends up in the clipboard.

The researchers posted a video about their work on their YouTube channel. It notes that the applications regularly access the clipboard, although this is not required at all for them to function. A reasonable question arises - then why? Even if we assume that this is just an ordinary oversight by the developers and they do not intend to do anything malicious, the situation itself still creates some discomfort - why should users have to fear that their data could be stolen and subsequently compromised every time they copy or enter it? After all, there are no guarantees that this will not happen.

In parallel, another software engineer conducted his own investigation. He posted the results in his account on Reddit under the nickname bangorlol. At the moment, the original post has already been edited, but the original is still preserved thanks to this tweet.

In particular, bangorlol said that the service receives both personal information of users and the data of their devices - the spectrum is incredibly wide. He also found out that for a long time the application did not use a secure HTTPS connection, so user emails, names and birth dates were available for viewing.

In addition, the programmer noted that he analyzed Instagram, Facebook and Twitter and found that all of them together collect much less information than TikTok. Summing up the results, bangorlol encouraged people to remove the malicious application from their phones.

TikTok is capable of universal surveillance

Often espionage goes beyond a single device. If two or more Apple devices use the same Apple ID and are located within three meters of each other, they share a common clipboard, that is, content can be copied from one device to another. Thus, all connected devices run the risk of falling victim to an interceptor program installed on at least one of them. Tommy Mysk also recorded a video about this. He emphasized the extreme danger of the situation and urged people to be extremely careful.

Then, in March, according to The Telegraph, a TikTok spokesman promised to fix the problem within the next few weeks. But, as it turned out recently, the promise was not kept.

iOS 14 brought the spies into the open

The other day, an updated version of the iOS mobile operating system was released, which so far is only available in beta testing mode. A function added to it warns the user whenever any of the applications installed on the smartphone reads the contents of the clipboard.

After starting to use iOS 14, testers quickly realized how many applications are trying to get at their personal data and how often they do it. This very brief video, which gained nearly 130,000 views within just a week of publication, shows how the notification appears on the screen.

The update allowed us to see that the TikTok team did not keep their March promises. As it turned out, information from the clipboard is still being collected, and with incredible speed. One of the owners of the beta version wrote about this on his Twitter, attaching a video as evidence.

In addition, the hacker group Anonymous, known for its ambiguous reputation and high-profile statements, including against the Minneapolis police in connection with recent events in the USA, is actively opposing TikTok. On Twitter, they launched a real “anti-TikTok” campaign with radical statements and loud calls.

Moreover, members of the hacker organization believe that TikTok helps the Chinese authorities not only collect data, but also conduct a detailed analysis of the behavior of platform users. It is noteworthy that 69% of TikTok users are teenagers and young people aged 13 to 24 years.

According to one of the authors of Forbes, this puts TikTok in a rather unique position, since opposing sides have united against it in the same cause: the governments of different countries, including the USA, and the hacker group.

How TikTok reacted to the current situation

After a new wave of publications about TikTok rose in social networks, company representatives made a statement:

“After launching the test version of iOS 14, users saw relevant alerts when using some popular applications. As for TikTok, this was done in order to protect against spam. We have already updated the application in the App Store, removing this function in order to avoid possible misunderstandings. TikTok guards the personal data of users and the transparency of our application. We look forward to inviting external experts to our Transparency Center later this year.”

Indeed, in the latest update of their blog, Talal Haj Bakry and Tommy Mysk removed TikTok from the list of programs that read the clipboard. However, the credibility of the application is already badly undermined, and there is no guarantee that its developers will not resort to some new tricks.

In this regard, Mysk said that the notification function in iOS is a good start, but in the end, Apple and Google need to do more:

First: allow access to the clipboard only upon request, as is now done for access to the device's microphone or camera.

Second: oblige developers to provide complete information about what data the application will access and for what purpose.

Why is TikTok more dangerous than other interceptor applications?

Of course, all applications that secretly collect user data potentially carry the same danger. However, how far this danger spreads depends directly on the size of the audience using the application. It is for this reason that the whistleblowers put TikTok in one of the first places - its popularity is growing rapidly.

Based on Apple's annual reports on the most frequently downloaded applications on the iPhone, TikTok was ranked 16th by the end of 2018, and a year later moved up to fourth, behind YouTube, Instagram and Snapchat. However, the growth of its popularity is unlikely to stop there. According to Bloomberg, in the first quarter of this year alone, TikTok was downloaded 315 million times, which is almost half of the downloads for the entire last year. So the potential is obvious - at the moment it has over 800 million users. Now imagine that this huge audience jeopardizes the confidentiality of its personal data every second. The problem is indeed large-scale.

Never lose your vigilance

In conclusion, we recall that the issue of the safety of personal data is extremely important, including for crypto holders. At the moment, users of smartphones, tablets and other devices should be aware that all information stored in the clipboard can become available to any of the installed applications. And in the case of a shared clipboard, as on Apple devices, leakage is possible even through nearby connected devices.

If even the slightest suspicion of surveillance appears, do not forget to clear the clipboard after use, for example by copying a piece of any unrelated text in place of the important information. By and large, it is better to do this every time as a precaution. And if a crypto wallet is installed on your device, and you constantly enter a mnemonic phrase, use the recommendations from this article. In a word, always be on the alert - safety first!
