
Anonymous Hackers Target TikTok: ‘Delete This Chinese Spyware Now’ - dsavant
https://www.forbes.com/sites/zakdoffman/2020/07/01/anonymous-targets-tiktok-delete-this-chinese-spyware-now/#71af7c5735cc
======
zelon88
I think it's funny that Forbes actually used a Twitter post of a screenshot of
a Reddit thread. That is just lazy reporting.

Additionally, while I don't use Tik Tok nor do I trust it, I don't find
anything overtly scary about what Tik Tok is collecting. Device information,
network information, location information, other installed apps; this is not
uncommon. The reverse proxy thing is a bit strange. Downloading zips and
running the payload is not outside the realm of possibility either. I'm not a
mobile programmer but I've had to write similar code for completely legitimate
desktop programs several times. Anti-debugging and obfuscation is literally
just the way apps are made these days. You can even build it into your toolset
and let your IDE do it for you. Having a crappy non-encrypted API is nothing
new, and I absolutely refute the claim that other social media apps don't try
to hide the data they collect and send about you. Almost everything sent over
the web by major platforms is encoded or encrypted in some fashion. And it's
par for the course for Chinese software to have obvious backdoors, hardcoded
credentials, and overall crappy security. I can't speak for their censorship
or moral practices because I don't use the app.

I am not saying I support TikTok or censorship. I'm just saying I don't think
the behaviour described is enough to call the app a "spying platform" for the
Chinese government. It probably is, but 100% of that work would be done on the
back-end anyway. Client apps are general-purpose information gatherers. That
is their primary function. That should surprise no-one.

