Reverse the technology of TikTok, the software engineer is astonished at the level of user information collected by the application

Tram Ho

Whether Facebook or Twitter is being seen as a model for applications that involve compromising sensitive data of users, but compared to emerging social network TikTok, these are still online security paradises. online user information. That is a judgment from a senior software engineer with 15 years of experience.

Two months ago, a Reddit user called Bangorlol said that he had succeeded in reversing the technology for TikTok and allowed the engineer to look into the application’s internal mechanism. Basically, for the behavior of this application when tracking users blamelessly as well as many other issues, this engineer recommends that users should never install it.

Đảo ngược công nghệ của TikTok, kỹ sư phần mềm kinh ngạc vì mức độ thu thập thông tin người dùng của ứng dụng - Ảnh 1.

Here is what he discovered.

I have reversed this application technique and feel confident that I understand how this application works (or at least how it works for a few months now). TikTok is a data-gathering service. fragile cover in the form of a social network, if there is an API to get information about you, your contacts, your device … they will all be used.

Phone hardware (CPU type, multiplier, hardware id, screen size, pixel density, memory usage, storage hard drive, etc.). Apps installed on the phone (I even see some of the apps that have been deleted appear in their app download analysis – perhaps it’s taken from cache values). All information related to the data network (IP address, MAC address of the router, device MAC, wifi name) is collected.

The information collected by TikTok regardless of whether your device is rooted or jailbroken.

Some versions of the app also turn on GPS periodically, about 30 seconds at a time – this is enabled by default if you’ve ever tagged an address for your post. They also set up a proxy server right on your device for “multimedia transcoding”, but it can be compromised easily when it has almost no authentication measures.

Đảo ngược công nghệ của TikTok, kỹ sư phần mềm kinh ngạc vì mức độ thu thập thông tin người dùng của ứng dụng - Ảnh 2.

The scariest part of all this is that much of this logging activity is remotely configured, and unless you can reverse each of their native libraries and manually check each of its shady functions.

On top of that, they don’t even use HTTPS for a long time. They leak the user’s email address in their HTTP REST API, as well as the user’s secondary email address to reset the password. Not to mention the user’s real name and date of birth. All were publicly disclosed a few months ago.

Meanwhile, they have many different layers of protection to prevent you from reversing this application. The behavior of the application will change slightly if it knows you are trying to figure out what they are doing.

They don’t seem to want you to know how much information you are gathering about you, as well as their poor data security practices. They encode every analysis request with an algorithm that changes with each update so you can’t see what they’re doing.

Đảo ngược công nghệ của TikTok, kỹ sư phần mềm kinh ngạc vì mức độ thu thập thông tin người dùng của ứng dụng - Ảnh 3.

I have reversed the Instagram, Facebook, Reddit and Twitter applications. The amount of data they collect is not as much as TikTok does, and certainly they do not dare to publicly conceal what is sent just like TikTok. (The above app compared to TikTok) is like a cup of water with the ocean – they cannot be compared . ”

Final words: ” I’m just a nerd (from tech addicts) who wants to find out how the app works. Calling it (TikTok only) is an advertising platform that’s still too light. Basically. TikTok is a malware aimed at children. Don’t use TikTok. Don’t let your friends and family use it either . ”

Bangorlol’s advice is coming more timely than ever. Statistics show that, in 2019, TikTok is the 4th most downloaded free app on iPhone. The income of this application also increased in proportion to its increasing popularity. According to a report from Bloomberg, ByteDance’s net profit, which owns TikTok, reached $ 3 billion last year.

Not only Bangorlol’s discovery, Apple’s recent iOS 14 update also caught many user infringements when repeatedly warning TikTok to access the device’s cache. After Apple announced iOS 14, TikTok also announced that it will no longer access the cache on the user’s computer.

Refer to BoredPanda

Share the news now

Source : Genk