728 x 90

Tiktok Ban : A Simple App promoting Harmless Fun or a Potential Security Threat?

  • GADGETS
  • Adrija Ray Chaudhury | Team PresentMirror | Updated: July 4, 2020, 8:18 a.m.




Nothing in this world comes for free. And when a popular multifunctional app has taken teenagers across the globe by storm, the safety of personal data cannot be insured. Especially, when an account of their nefarious activities has been vindicated by the evidence.


Tiktok-ban.jpg

History of Tiktok

Headquartered in Beijing, a Chinese multinational software company, ByteDance Ltd. launched a video sharing platform by the name Douyin in 2016. A year later, Douyin was launched in the international market under the name Tiktok. Zhang Yiming, founder of ByteDance stated that going global was a stepping stone towards the worldwide success of Tiktok. Tiktok merged with Musical.ly in August 2018. Thereafter, a larger video community came into existence with the existing data consolidated into a single app under the common name 'Tiktok'. It was a flying start for the company when it became the most downloaded app in the US and was also the first Chinese app to acquire the place.

Tiktok-Ban.png

Statistics showing Tiktok surpassing other apps in the US in respect of downloads, Image Credits: SensorTower

Universal Reception and Criticism

Soon after the merger of Tiktok with Musical.ly, Tiktok expanded to about 150 markets and was made available in 75 languages. With an estimated 104 million downloads in 2018, it became the most downloaded app in the Apple App Store surpassing Facebook, Instagram, and WhatsApp. Initially, though criticized as a potent platform for teens and meshuggeners. Tiktok was soon joined by a bevy of celebrities including biggies like Justin Bieber and Jennifer Lopez.

Nevertheless, the complex dissonances suggested American technocrats of immoral activities associated with Tiktok. In its privacy policy, Tiktok clearly declares that it collects user information, IP addresses, unique device identifiers, location data, and other data. Web developers Talal Haj Bakry and Tommy Mysk claimed that Tiktok shares videos and other content by app users through HTTP. HTTP is the HyperText Transfer Protocol that converts sensitive data into cleartext instead of encrypting it and allows any and everybody to get access to it. In January 2020, Check Point Research and other cybersecurity agencies rummaged into the programming details of Tiktok and discovered a security flaw that allowed SMS as an intervening medium to get access to user data.

Further reports included portentous references revealing Tiktok's storage of 4.6 million unique entries of the device data, GPS locations, full list of contact details, IMEI and IMSI numbers, backed up memory, and app data among other data. In 2019, Indian and Indonesian government also put a temporary ban on the usage of Tiktok because the platform was promulgating pornography and blasphemy. It also put down around 200 videos that were suggestive of promoting ISIS propaganda. Similar steps have also been taken by the Dutch Data Protection Authority and European Data Protection Board to secure user data.

Tiktok-Ban.jpg

Evidence in support of unethical breaching of data by Tiktok:

Tiktok-Ban.jpg

A code snippet from Tiktok Source code-Credits: Penetrum Security Analysis

In this code snippet, the app fetches a tracker called AppsFlyer, which according to their website is a SaaS-based platform used for customer relationship management that allows developers to own, analyze, and control customer data. Digging deeper into the code, we came across another snippet.

Tiktok-Ban.jpg

Code Credits: Penetrum Security Analysis

Like the above code, this too is pulled from the APK source code. APK stands for the android package and is the file format used by android. The aforementioned command "android. permission. ACCESS_FINE_LOCATION", as may be very clear to our readers, allows the API to determine absolutely fine and accurate location. This information can be derived from the global processing system (GPS), Wifi, and/or cellular data. Tiktok admits having used such methods to track customer location in order to generate localized advertisements. Their explanations behind the use of such inhibitory measures, nonetheless, have been found baseless and desultory.

Tiktok-Ban.jpg

Code CREDITS: PENETRUM SECURITY SOLUTIONS

This snippet is of magnanimous importance to support our previous claims that Tiktok does extensive data harvesting. It has control over almost all kinds of user information, starting from GPS location, device version to IMEI, and IMSI number. IMEI and IMSI numbers are unique IDs that come with your phone and are often used by cops to track criminals. We understand that the developers do need access to some of the basic user details to provide better content but they often tend to forget the fine line between use, abuse, and misuse of data.

How data leak can harm an user

The application has the capacity to download and execute remote code if it is unofficially granted access to the plethora of user data. They can practically do anything with your phone including

• Gathering your username and passwords

• Making and recording telephone calls

• Reading and sending text messages

• Getting access to all your files and photos

• Reading data from other applications(emails, saved passwords etc)

• Using wireless connections like bluetooth or wifi to deliver malicious payloads to other devices

• Reading your credit card and bank account information

• Using your phone as part of a bot-net to perform cyber warfare among others.

Indian Government's permanent ban on Tiktok and why it may be a healthy decision:

On 29 June 2020, the Ministry of Electronics and Information Technology banned TikTok along with 58 other Chinese apps citing a threat to the sovereignty and security of the country following a military clash with the Chinese army in Ladakh. The Ministry claims to have gathered proofs that indicate that there has been a surreptitious transmission of unauthorized user data to servers outside India. Furthermore, Chinese law reserves rights to all sorts of technical information garnered by a company, headquartered in China which makes Tiktok accountable to the Chinese government.

If this is indeed true, we can only imagine the unwelcome ramifications if the Chinese government gets access to our precise locations and stored data. Not only will it push us into an economical doldrum, but will also aggrandize the military opulence of the Chinese army.The peremptory yet an encouraging decision to impose a permanent ban on these furtive applications might at the end of the day amplify the indefatigable spirits of the Indian Army and at the same time protect privacy of Indian citizens.

    • SUPPORT US
    • To fight yellow journalism and give you the news that is mirror of truth, we need your support. We need your support to fight the lies and the propaganda. Please contribute whatever you can afford.


Newsletter

    >
  • Subscribe

Recommended

Recent Post