Mumbai: So how much data does TikTok, the now banned Chinese app, collect from users? A lot, it seems. And is banning the app enough to stop data from being stolen from its users? No, say experts.
Cyber experts in India say that TikTok is a huge data collection scheme and point out how risky the app is, as snooping is done not at one level but at several. An analysis of the extent of data the app collects from the phones on which it is installed makes for an interesting study.
An anonymous Redditor going by the username u/bangorlol claims to have reverse-engineered TikTok, Facebook, Twitter, Instagram and Reddit, and to have concluded that no other app anywhere collects the amount of data that TikTok collects. It’s like comparing a cup of water to the whole ocean and there is no comparison, the Redditor says. Apparently, TikTok collects a wide range of data, from who you are to what you do, to important identification documents, to all your secret passwords. TikTok collects the user’s location, internet address and browsing history; it can also store phone numbers, age, and payment information if users opt in. Specifically, the app collects the following from its users: (a) phone hardware (CPU type, number of cores, hardware IDs, screen dimensions, DPI, memory usage, disk space, etc.); (b) other apps you have installed; (c) everything network-related (IP, local IP, router MAC, your MAC, Wi-Fi access point name); whether or not you’re rooted/jailbroken; some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds (this is enabled by default if you ever location-tag a post); (d) they set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication.
Time and again, TikTok has come under fire for its handling of private data. Even after promises made in the past, TikTok didn’t stop its invasive practices and was caught snooping by security researchers, raising security concerns about the app. The worry increases given the Chinese origin of the app.
And now that TikTok has been banned in India, cyber experts say that, along with the ban, uninstalling the app is also required. “IP addresses of these apps are being blocked at the gateway level. But users should be encouraged to uninstall the app as well,” said cyber expert Jiten Jain.
This is because even after being banned, the app can have access to one’s content. Cybersecurity consultant Ritesh Bhatia said: “All the apps that have been banned have permissions to access a lot of data on our phones such as gallery, microphone, camera, contacts and much more. So even if the apps have been banned, the apps still remain on our devices and can continue to access all the information. Hence, users need to manually uninstall all these apps. Ideally, CERT, India, should issue an advisory that all the 59 Chinese apps banned should be manually uninstalled for security, data privacy and protection reasons.”