According to numerous privacy and security specialists who have looked into the TikTok app, there aren’t any obvious bugs that would indicate the software is actively spying on users or leaking personal information.
TikTok was the subject of a 2020 investigation by The Washington Post and a privacy researcher, who came to the conclusion that the app did not appear to collect any more data than your normal mainstream social network. The Citizen Lab at the University of Toronto employed Taiwan-based researcher Pellaeon Lin the following year, who carried out a similar technical investigation.
Even so, even if TikTok gathers roughly the same amount of data as Facebook or Twitter, that’s still a lot of information, including details about the videos you watch, comments you make, private messages you send, and — if you consent to this level of access — your precise geolocation and contact lists. According to TikTok’s privacy statement, the company also gathers information such as your email address, phone number, age, search and browsing history, the content of the images and videos you upload, and, with your permission, the items in your device’s clipboard so that you can copy and paste data into the app.
According to Lin in an interview, the source code of TikTok is very similar to that of Douyin, the app that is founded in China. According to him, this suggests that both apps were created using the same code base and were then tailored for their different markets. Theoretically, TikTok could have “privacy-violating hidden features” that the general public might not be aware of and that can be turned on or off with a tweak to its server code, but Lin was unable to determine whether those configurations or features exist due to the restrictions of trying to reverse-engineer an app.
According to Lin, there would be a problem if TikTok used unencrypted communications protocols, attempted to gain unauthorised access to contact lists or exact geolocation data, or moved to get around system-level privacy controls built into iOS or Android. Yet he didn’t discover any of those items.
In terms of their communication protocols, Lin noted, “We did not uncover any overt vulnerabilities, nor did we identify any overt security issues within the app.” Regarding privacy, we also did not observe any malware-like behaviour in the TikTok app.
Lin’s research has been mentioned by TikTok in support of their position. Nevertheless, Citizen Lab reacted angrily to TikTok’s portrayals of the article this week, claiming that the firm had presented the research as “somehow exculpatory” since a crucial result was that Lin was unable to know what happens to user data after it has been gathered.
Chew reminded legislators during the hearing that TikTok and Citizen Lab were actually saying the same thing in a rare display of apparent displeasure. I’ve been attempting to prove a negative for the past four hours, but Citizen Lab claims they cannot.