TikTok’s data collection may be more aggressive than you think

TikTok’s explosive growth over the past two years has become a rare example of a Chinese Internet company succeeding in the West. In addition to TikTok, which is well known in the international market, another name for the application in the Chinese market is Douyin. In fact, as TikTok has repeatedly achieved the best downloads in its category, there have been skeptical observations about its use and privacy. In January 2021, 43.7% of users were aged 18-24, and 31.9% were aged 25-34. Opinions are largely divided on whether to ban TikTok or fine-tune the regulations.

A few days ago, Penetrum, an Internet 2.0 company, released a technical analysis report on the TikTok app, which revealed that 37.70% of the known IP addresses in its source code are located in Hangzhou, China, for Alibaba Group, founded by Jack Ma, a government-approved belongs to an internet service provider. The group’s privacy policy states that they share and distribute the personal data of their users.

It is true that we should not rationally be prejudiced against TikTok just because it is a subsidiary of a Chinese company. However, it is difficult to imagine that companies like ByteDance, which have enormous influence, can grow to be giants without the support of the Chinese government. Not only that, but several reports have revealed that even though TikTok has local operations teams in the US and Australia, employees of the parent company still have access to the data of overseas users. Because of this unlimited authority, TikTok is in a very different position than Facebook and Google, which also collect huge amounts of user data every day.

TikTok Australia has said they are independent when faced with doubts, giving the impression they would not share user data with foreign governments. However, keep in mind that in China, companies and citizens are legally allowed to share their data if required by relevant authorities in the name of “national security”.

“When the app is in use, it can scan your entire hard drive, access your contact list, and see all the other apps you have installed… If you tell Facebook you don’t want to share something, it won’t ask you anymore. TikTok is much more aggressive.” says Robert Potter, co-CEO of Internet 2.0.

According to the TikTok analysis Internet 2.0 presents certain accesses that TikTok’s requests do not require for a social media application:

Scans your GPS location once every hour (even if it’s running in the background)
Checks all other apps running on your phone
It collects a list of all the applications installed on the phone
Full access to read the clipboard
Information about all accounts on the device
Gets a list of all files on external storage, ByteDance

Get the location code

TikTok receives requests for latitude and longitude data

Download all apps and running tasks on the device

TikTok Android access permissions

TikTok iOS access permissions

You can list everything in the external storage

None of the permissions listed above should be essential. In terms of access scale, this is more of a harvesting behavior that leads to a potentially more valuable outcome for the business, but little to end users.

Whether it’s a political football or a real privacy threat, we as end users don’t necessarily have to give a positive response to permission requests from an app. Keeping permissions to a minimum would be good enough to let apps do the work for you.

Leave a Comment