An IT security company has examined the video app TikTok for data protection. The result: TikTok collects data of all applications installed on the phone. The app also seems to keep connecting to a server in China.
It’s not the first time that popular video app TikTok has come under fire for privacy investigations. An analysis of an American-Australian IT security center is now putting the platform operated by the Chinese company ByteDance back in the limelight.
Internet2.0 has released a report showing that TikTok places privacy as a secondary priority. In addition, it seems as if the app keeps secretly connecting to Chinese servers.
Data protection is written in small letters at TikTok
The IT company’s report is a technical analysis of the source code of TikTok mobile applications on Android 25.1.3 and iOS 25.1.1 operating systems. The investigations focused on the collection of device data. And this is particularly noticeable with iPhone users.
Permissions and collecting device data are overly intrusive, the report said. This is not necessary for the functioning of the application. For example, the video app accesses the location of the smartphone as well as the calendar and all contacts. In addition, TikTok also retrieves device information such as the serial number, SIM serial number or MAC address of the device.
According to the analysis, the app retrieves all other running and installed applications on the phone. In theory, this information could create a realistic diagram of a smartphone.
What particularly catches the eye: TikTok accesses all accounts of the user device in the background. According to the Internet2.0 study, the app also has access to read the clipboard. This is particularly dangerous because the password manager also accesses it.
TikTok is secretly connecting to China
In addition to the disregard for data protection in general, the IT specialists also noticed that TikTok appears to be using the operating system of iPhone users to establish a server connection to mainland China.
TikTok has expressly stated that the data of users of the video app will be stored in the USA and Singapore. In addition, the application has no connection to the Beijing-based ByteDance division. However, during the investigation, the Internet2.0 team discovered that the iOS application’s subdomains are being resolved all over the world, including Baishan, China.
During the analysis, we could not determine with great certainty the purpose of the China server connection or the location where user data is stored.
However, the team observed that the IP address leading to China changed its location regularly. The connection to Baishan was visible from a number of different IP addresses during the course of the investigation. What is interesting is that Baishan is home to the cyber security company Guizhou Baishan Cloud Technology is located, which operates a joint data laboratory in cooperation with the local university.
According to Internet2.0’s analysis, only iOS versions of TikTok showed these server connections to mainland China. In the Android version of the platform, the IT specialists could not find any direct connections with a Chinese server.
TikTok denies connection to Chinese servers
The conclusion of the report is that for TikTok to function properly, most access and device data collection is not necessary. Thus, the research group concludes that the only reason for collecting the data is to collect it. Ultimately, this is not only interesting for users, but also for politicians.
This report aims to help policymakers and legislators make fact-based decisions.
Former US President Donald Trump had already tried to issue a TikTok ban during his tenure. He cited security concerns and potential Chinese espionage as the reason. However, current President Joe Biden has withdrawn the ban order.
According to the Mirror, TikTok disagrees with the report’s findings. IP addresses would be in Singapore and network traffic would not leave the region. It is clearly untrue that there is any communication to China.