Calls to ban TikTok

July 18, 2022

Internet 2.0 has published a report, It’s their word against their source code – TikTok report, on TikTok’s appalling privacy practices and prodigious data harvesting. It is a comprehensive and definitive report. While it may highlight specific details of how TikTok harvests data from users of its app on Android phones, TikTok’s privacy-intrusive conduct has been known for years. The problem is the will to do something about it. TikTok argues that the data it collects is not stored in China but elsewhere, such as Singapore, and that there are protocols preventing China-based personnel from accessing it. Those protocols are weak and more window dressing than reality.

The Executive Summary of the report relevantly states:

In our analysis the TikTok mobile application does not prioritise privacy. Permissions and device information collection are overly intrusive and not necessary for the application to function. The following are examples of excessive data harvesting.

    • Device Mapping. The application retrieves all other running applications on the phone. TikTok also gathers all applications that are installed on the phone. In theory this information can provide a realistic diagram of your phone.
    • Location. TikTok checks the device location at least once per hour.
    • Calendar. TikTok has persistent access to the calendar.
    • Contacts. TikTok has access to contacts and if the user denies access, it continuously requests for access until the user gives access.
    • Device information. TikTok has code that collects the following device detailed information on Android.
      • Wi-Fi SSID
      • Device build serial number
      • SIM serial number
      • Integrated Circuit Card Identification Number (this is a global unique serial number that is specifically tailored to your SIM card)
      • Device IMEI
      • Device MAC address
      • Device line number
      • Device voicemail number
      • GPS status information (updates on the GPS location)
      • Active subscription information
      • All accounts on the device
      • Complete access to read the clipboard (dangerous as password managers use clipboards)

Also of note is that TikTok iOS 25.1.1 has a server connection to mainland China which is run by a top 100 Chinese cyber security and data company, Guizhou Baishan Cloud Technology Co., Ltd.

The Economist’s 6th July edition was titled Who’s afraid of TikTok? and stated in part:

The most frequently cited risk is privacy. China’s government gives itself the right to demand whatever data it likes from firms based in the country. Though most TikTokers are unbothered by the Communist Party analysing their dance moves, the app’s torrent of videos could be trawled for face and voice data to add to the digital panopticon that China is building at home. Yet this worry is probably exaggerated. Most such information could be scraped from TikTok’s front end or bought online—especially regarding Americans, who are poorly protected by data-privacy laws. The advantage of inside access would be marginal.  

I posted on TikTok’s lack of privacy controls in July last year with Call for privacy controls on Tik Tock.

The Australian reported on the Internet 2.0 report in Calls to ban social media app TikTok over concerns it is harvesting data used by Beijing which provides:

There are calls to ban the ­Chinese-owned social media platform TikTok in Australia, with a report warning that the video app harvests vast and unnecessary amounts of personal data that could be used by Beijing for intelligence purposes and cyber hacking.

The report, prepared by the joint Australian-US cyber security firm Internet 2.0, shows that the app is almost unique in the level of information it seeks from its unwitting billion-plus users worldwide.

This includes device mapping to monitor all other apps running on a user’s phone, hourly checks of their location, constant access to the user’s calendar, access to the user’s contacts and the ability to pinpoint detailed information about the specifications of the user’s phone.

The report’s authors note that much of the information being sought is not required to make the app work, raising questions as to why the data is being collected.

“The application can and will run successfully without any of this data being gathered,” the report states. “This leads us to believe that the only reason this information has been gathered is for data harvesting.

“It is also notable that the device only needs to ask the user for permission to perform each of these actions once and then follow the user’s preferences.

“In our analysis, the TikTok mobile application does not prioritise privacy.”

Minister for Home Affairs and Cyber Security Claire O’Neil said the federal government had received the Internet 2.0 report and previous governments “have been well aware of these issues for some years”.

She said more should have been done previously to address privacy concerns involving apps such as TikTok. “They are complex and difficult and don’t just relate to TikTok,” she said.

“The ACCC Digital Platforms Inquiry asked the then-government to undertake work in this area three years ago, which they did not progress; that is ­regrettable.

“Australians need to be mindful of the fact that they are sharing a lot of detailed information about themselves with apps which aren’t properly protecting that information. I hope it concerns Australians because it certainly concerns me.”

TikTok is owned by Chinese company ByteDance and its inventor, Zhang Yiming, has a personal wealth estimated at more than $40bn, much of it fuelled by the runaway success of TikTok, which had been downloaded 3.5 billion times worldwide as of January.

The findings in this report reflect similar concerns identified by Internet 2.0 about the private data being collected via the WeChat app, also owned by China.

Internet 2.0 director, former SA trade and innovation minister Tom Kenyon, said the findings about TikTok showed it was wrong for people to regard the app as nothing other than harmless fun. “It’s time to recognise the role Chinese tech apps are playing in data collection for the Chinese Communist Party and its security agencies,” he said.

“TikTok collects far more data from users than it needs to. The only logical conclusion is that it is data harvesting.

“WeChat has shown it too plays its role in data collection and propaganda dissemination. WeChat has been used by political candidates to reach voters of Chinese descent in Australia and it is possible the Chinese government has been involved in that.”

Mr Kenyon said the close relationship between Chinese companies and the Chinese government meant Australia needed to act against both the TikTok and WeChat apps.

Opposition cyber security spokesman Senator James Paterson urged the Albanese government to act on the report.

The Internet 2.0 report is set to make international headlines and will be presented to the US Senate hearing on TikTok on Monday.

The US Senate has been examining the app’s links to the Chinese government amid rising alarm in the West over cyber attacks and the use of personal data.

In a bipartisan move against TikTok’s parent company, Democrat senator Mark Warner and Republican Marco Rubio issued a call this month for the US Federal Trade Commission to investigate ByteDance due to “repeated misrepresentations” over its handling of US data.

 

The repo
