TikTok is accused of over-accessing personal data and still storing user data on servers located in China through a network of subdomains.
On July 18, Australia-based internet security company 2.0 published a study accusing the Chinese video-sharing platform of “a major security hole”, potentially posing many risks that could cause any kind of outbreak. any time.
According to the report, the company analyzed TikTok’s source code to determine what data the platform is collecting and the destination of the aforementioned data.
The security firm claims that TikTok has requested access “more than it’s publicly stated”. Specifically, when the user turns on the application, it will be granted the right to scan the entire hard drive, access the contacts as well as know what applications are installed on the device.
A piece of code also reveals that TikTok collects IMEI, a series of phone identifiers. In addition, TikTok automatically checks the device location at least once an hour and continues to search for contact data even if the permission request is denied.
Even with the user’s Calendar application, TikTok has constant access to read and edit, when the platform should only be granted permission in special cases, like broadcasting a live event .
TikTok claims the company stores user data at servers in Singapore and the US. However, analysis of Internet 2.0 shows that many subdomains are set up in many parts of the world, including in the city of Baishan, China.
“We still do not know the purpose of the connection or the location of the user data. The China server connection is operated by Guizhou Baishan Cloud Technology, a cybersecurity and cloud services company. Subdomains located in many parts of the world are connected to servers in China,” Internet 2.0 said.
Internet 2.0 found that 37.7% of TikTok’s known IP addresses are believed to be affiliated with Alibaba, an Internet service provider based in Hangzhou, China. This company is also the victim of a data leak at the end of 2019, which caused more than 1.1 billion user information data to be collected by a software developer.
The study concluded that “TikTok performs too much user tracking and the data is stored in whole or in part on servers located in China of ISP provider Alibaba.”
“They declined to provide details about the infrastructure in China,” said Robert Potter, co-CEO of Internet 2.0.
In addition, security experts also said that TikTok, with its position as one of the most popular social networks in the Czech Republic, is collecting data of about 2 million users, mainly adolescents under the age of 24 in this Eastern European country.
Previously, ByteDance’s video-sharing platform also admitted that user data in Australia was transferred to China and that some company employees had impactful access to the above information.
“Our security team only provides access to the minimum number of employees who need to do their jobs,” said Brent Thomas, TikTok Australia director. “The company has policies and procedures that limit internal access to Australian user data.”
Meanwhile, a TikTok spokesperson claimed that Internet 2.0 has made “unsubstantiated” claims, claiming “the amount of information collected is not unusual”, even less than many applications. other popular mobile apps.
Vinh Ngo (Synthetic)