This week. users of social media platform TikTok were warned of the site’s ‘excessive’ data harvesting. In a report from Monday, Internet 2.0, the cyber security firm accused the application of being a huge ‘security flaw’ that is on the verge of taking place.
In the report from July 18, the company stated how the Chinese parties and ISP’s the platform has links to make it a rather ‘vulnerable data source’ which still has some investigation pending. Further, it noted how ‘data harvesting, tracking, fingerprinting,’ along with user data takes place all through the site.
Through its analysis of the source code of the Android version of the app, the company determined the type of data TikTok was harvesting. Along with it, attempting to find out as to where the information was exactly going. A particular code’s piece indicated how the app’s alleged collection of the IMEI number of the phone. Essentially, it identifies the devices, showing whether TikTok was re-installed, along with the other applications on it.
Additionally, Internet 2.0 detected how 37% of the known IP addresses on TikTok has alleged connection to Alibaba. This Hangzhou-based internet service fell victim to a security breach in November 2019. Particularly, this witnessed collection of over 1.1 billion parts of user data by a software developer.
“TikTok does an excessive amount of tracking on its users, and that the data collected is partially if not fully stored on Chinese servers with the ISP Alibaba”.
Robert Potter, the co-chief executive of the company took to Twitter following the publishing of the report. He stated how all of the research done for it was sent to TikTok for verification and comment on the situation. He noted how the platform declined going to record regarding their infrastructure based in China.
Moreover, a spokesperson from the social media platform stated how Internet 2.0 had made ‘baseless claims’ in the app’s name. He went on to argue how TikTok does not uniquely collect any more information than other social media sites. In the statement, it was noted how user information from TikTok is kept in the US and Singapore. Further, they specified how TikTok has been ‘clear and vocal’ regarding adopting access controls such as encryption, along with security tracking to protect user data.
Ultimately, they clarified how TikTok IP addresses is stored in Singapore, specifying how network traffic does not escape ‘the region.’ They noted how the implications regarding any such connection or link with China is rather ‘categorically untrue.’