Is TikTok a surveillance tool for China?

The controversy swells again around the social network Chinese TikTok. In 2020, he was charged with illegal information gathering. Donald Trump then signed an executive order against the publisher ByteDance. This time it’s Brendan Carr, an FCC commissioner (Federal Communications Commission) who arrested Google and Apple on Twitter to ask them to withdraw TikTok from their app stores.

The charges are based on an investigation by BuzzFeed News, which analyzed 80-hour audio recordings of “leaked” internal meetings. So far, TikTok attempted to reassure the US government that all US user data was hosted in the United States.

An administrator in China would have access to all the data

However, in these recordings, BuzzFeed found fourteen claims indicating that China accessed the data, at least between September 2021 and January 2022, and probably beyond. They speak in particular of a chief administrator, a ” Master Admin in Beijing, which would have access to everything. Just hours after the accusations were published, TikTok announced that all US user data had migrated to servers atOracle and are only accessible from the United States.

The FCC Commissioner also cites other violations, such as when theapplication bypassed securityandroid in 2020 to collect private data. He also recalls that India banned the app in the country following the data theft and accuses the app of being ” an unacceptable risk to national security “. However, Brendan Carr speaks only for himself, the other commissioners having not yet taken a position. It remains to be seen if Apple and Google will grant its request in the United States, and if this will have repercussions on the application in Europe.

TikTok would have collected personal data illegally for more than a year

The Chinese social network TikTok is accused by the wall street journal to have recovered themac address users on Android, for 15 months until November 2019. An illegal practice that could strengthen the desire of the United States to ban the application on its soil.

Article by Fabrice Auclert, published on 08/13/2020

And if Donald Trump was right… While the President of the United States has declared war on TikTok, guilty according to him of being at the boot of the Chinese government by collecting and then giving up users’ personal data, the wall street journal reports that the app violated Google’s Privacy Policy.

Until November 2019, TikTok managed to collect the Mac address of users, a unique identifier specific to each connected device, and in this case to smartphones. This private data was collected to target users for advertising purposes, but also to file them. This is classic in software of the ” adware and other malware, but it is strictly prohibited by Google, and its Play store for several years, which requires that the Mac address be neither visible nor collected.

The latest version of TikTok is risk-free

According to the American daily, which relies on the reports of security experts, Tik Tok circumvented the regulations by encrypting its Mac address recovery function, and this is obviously illegal. The newspaper specifies that this collection would have concerned millions of users on a duration about 15 months.

For its part, the leaders of the social network have confessed half-word since they explain that ” the current version of TikTok does not collect Mac addresses » and that they encourage « users to download the latest version “. the wall street journal tested this latest version, and indeed, collecting the Mac address is no longer possible. Recall that on iPhone, TikTok was among the apps that accessed users’ copy-paste.