
“TikTok is a data collection service that is thinly-veiled as a social network.” - notRobot
https://old.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/fmuko1m/
======
allzeros
I wouldn't be surprised by any of this, but the reddit post reads too...
reddit-y, I guess? I mean, I could easily write a post like that without
actually doing anything. Where's the proof? I want to _see_ these analytics
payloads. I want to _see_ how they disassembled the app. So far, though,
there's not a lot of proof, just some statements about analytics data and "I'm
a nerd who figures out how apps work for a job".

~~~
parliament32
Oddly, lots of this stuff just seems wrong. On Android, so maybe that's the
discrepancy, but he's going on about GPS pinging while the app doesn't even
request the Location permission.

~~~
befictious
From their Privacy Policy...

>We automatically collect certain information from you when you use the
Platform, including internet or other network activity information such as
your IP address, geolocation-related data (as described below), unique device
identifiers, browsing and search history (including content you have viewed in
the Platform), and Cookies (as defined below).

>We collect information about your location, including location information
based on your SIM card and/or IP address. With your permission, we may also
collect Global Positioning System (GPS) data.

>You can switch off GPS location information functionality on your mobile
device if you do not wish to share GPS information.

The above makes it sound like you have to turn off GPS for everything. They
could likely be skirting different methods for collecting this. and the only
way to prevent it is turning off gps at the device level not app permission
level

>We use the 'Region' you select in Settings to customise your TikTok
experience. When you use the Platform on a mobile device, we will collect
information about your location. In certain jurisdictions, with your
permission, we will collect Global Positioning System (GPS) data and mobile
device location information. If you do not wish to share your precise location
with us, you can switch off location services via the settings on your mobile
device

>5\. Where we store your personal data. The personal data we collect from you
may be stored on a server located in Singapore or the United States, outside
of the country where you live. We maintain major servers around the world to
bring you our services globally and continuously.

------
funtoos
Isn't all social media is ultimately data collection service ?

~~~
fsflover
The author explicitly says: "For what it's worth I've reversed the Instagram,
Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same
amount of data that TikTok does, and they sure as hell aren't outright trying
to hide exactly whats being sent like TikTok is."

~~~
zaro
But is it so really?

Last year there were articles about how Facebook sdk collects data from each
app that integrates it, even before you login with Facebook. To me it still
looks like a much wider data collection than what a single app can do.

~~~
searchableguy
imo, this is even more eye-rolling situation -
[https://github.com/facebook/facebook-ios-
sdk/issues/1374](https://github.com/facebook/facebook-ios-sdk/issues/1374)

------
curiouser2
I'm confused by this. Aren't apps sandboxed fairly hard? How would TikTok get
any data outside of what's allowed by Apple/Android's app APIs? If they're
getting more information than that, isn't that up to the OS to limit?

~~~
ganoushoreilly
I think one of the more recent allegations (past few days) is that it may be
copying the clipboard of iPhones. I've only seen evidence that it was making
an API call that can be used maliciously. It's definitely suspect given the
value of the intel.

------
mcv
I have only heard bad things about TikTok so far, and wouldn't let my kids use
it. A couple of weeks ago, there was a story about presence of sexual
predators preying on children and TikTok's utter lack of moderation.

------
codedokode
Isn't Google and Microsoft doing the same? As far as I remember, Google Maps
is almost secretly collecting user location data and sending it home.

A good solution would be to fix Android and don't let any app access phone
number information, any hardware identifiers, location. But instead we see
posts like this suggesting to ban TokTok instead. Why?

------
PEJOE
Remote code execution is huge. Why does google allow this on their app store?

~~~
parliament32
I guess because it's run with the permissions of the parent app so it doesn't
really matter. You can download and exec all the code you want but it won't
really help you do anything if you have the permissions and resource limits of
the parent anyway.

~~~
yjftsjthsd-h
Google is, in fact, breaking such functions, which is a pain for those of us
who users _do_ have a legitimate use for it:
[https://github.com/termux/termux-packages/wiki/Termux-and-
An...](https://github.com/termux/termux-packages/wiki/Termux-and-Android-10)

------
olliej
As opposed to Facebook?

~~~
EarthMephit
From the linked post he makes a direct comparison to facebook, and its pretty
daming for TikTok:

"For what it's worth I've reversed the Instagram, Facebook, Reddit, and
Twitter apps. They don't collect anywhere near the same amount of data that
TikTok does, and they sure as hell aren't outright trying to hide exactly
whats being sent like TikTok is. It's like comparing a cup of water to the
ocean - they just don't compare."

~~~
olliej
the apps themselves don't go to such abusive extent, but that's because they
get all the information from the innumerable sites across the web that embed
Facebook tracking code.

