Turns Out TikTok Has Alarming Access To Your Phone – Lifehacker Australia | Hot Mobile Press

Love it or hate it, TikTok is here to stay. In fact, a recent estimate by research firm Higher Visibility predicts that by 2025 there will be nearly 2.6 billion daily users – 106 times Australia’s population. This is based on the simple math that eight new users join TikTok every second.

But with that scary news out of the way, it’s time to discuss the next one: that using TikTok on your phone grants the app access to your personal information.

A new analysis by Australian cybersecurity firm Internet 2.0 has revealed that TikTok is requesting almost full access to a phone’s contents while using the app. This data includes calendars, contact lists and photos.

Internet 2.0 co-founder and co-CEO Robert Potter explained to ABC News that he and his team disassembled the app’s source code to assess exactly how it would work on a phone.

“When we did that, we saw that the level of permissions the phone was requesting was significantly more than what they publicly said,” Potter told the ABC. “When the app is used, it can scan the entire hard drive, access the contact lists and see any other apps that have been installed on the device.”

Potter posits that these permissions are “significantly more” than what a social media site needs access to.

While research has talked about TikTok “harvesting” data, Potter said that because Internet 2.0 could only see parts of how the app worked, Internet 2.0 couldn’t see exactly what was being retrieved.

“All we can say is that TikTok gives itself permission to retrieve this data,” he clarified.

He said that when Internet 2.0 raised this issue with TikTok, they didn’t realize what exactly they were using these permissions for, but the permissions are there and it’s alarming.

The thing is, users give the app permission to do so, but they are basically forced to do so in order to be able to use the app. It’s also not entirely clear what terms you’re signing up for (something the ACCC is investigating more widely).

In September 2020, as TikTok became a household name, the company told an Australian Senate committee that personal data collected from Australian users would be stored on servers in the United States and Singapore.

“We have tight controls over security and data access… TikTok has never shared Australian user data with the Chinese government or censored Australian content at their request,” the company told the committee as part of its investigation into foreign social media interference.

But Potter said his company’s investigation into TikTok also looked at how the app communicates with the rest of TikTok’s infrastructure.

“On closer inspection, we saw that it connects to servers around the world, including in China,” he said.

TikTok stood by its claim, and Potter said it’s not clear what exactly is being sent to China, just that “the phone is connecting to servers in China on a regular basis.”

Potter said Internet 2.0 threw over a dozen cybersecurity products at the app and each time saw the app connect to servers in China.

“Most of the access and device data collection is not required for the TikTok application to function properly,” the report concludes. “The application can and does run successfully without this data being collected.

“This leads us to believe that the only reason this information was collected is for data collection.”

In response, TikTok told Gizmodo Australia that its app is not unique in the amount of information it collects. In fact, the amount is claimed to be less than that of many popular mobile apps.

“In accordance with industry practices, we collect information that users voluntarily provide to us and information that helps the app function, work securely, and improve user experience,” a TikTok spokesperson added in response to the phone access claims.

The spokesperson also reiterated that TikTok user data is stored in Singapore and the US, and that the company is “clearly and vocally” using access controls such as encryption and security monitoring to protect user data, with the access approval process overseen by a US-based security team.

“The IP address is in Singapore, network traffic does not leave the region, and it is categorically wrong to imply there is communication with China,” TikTok said.

“The researcher’s conclusions reveal fundamental misconceptions about how mobile apps work, and they say they don’t have the proper testing environment to validate their unsubstantiated claims.”

This article has been updated to include comments from TikTok since it was first published.
