TikTok ban called for by experts after report shows app sends data to China: Internet 2.0
Australians are being warned to remove TikTok from their phones after a new report from cybersecurity experts found sensitive information being sent back to China.
Security firm Internet 2.0 cracked the source code for the popular video-sharing platform — downloaded by more than 7.5 million Aussies — to discover how a string of data is being targeted without the user’s awareness.
The Beijing-backed app uses users’ smartphone calendars, contacts list, and scans the device’s ID and hard drive to check all other installed apps.
TikTok also checks the device’s location at least once an hour and will persist in searching for contacts’ data even if permission is denied, the report said.
The platform that beat Google and became the most popular website in the world in 2021 is mainly used by young people under the age of 18. It consists largely of short dance videos and is generally considered harmless.
But with the communist superpower, a world leader in data collection, AI and facial recognition software, there are fears that TikTok is being used by Beijing to spy on young people in the west.
Australians are warned to remove TikTok from their phones after a new report from cybersecurity experts discovers sensitive information being sent back to China (stock image)
Robert Potter Internet 2.0 CEO accused TikTok and parent company ByteDance of deception.
“Their source code is at odds with their public statements about the functioning of their app,” he told network Nine.
TikTok says all user data for the region is hosted in Singapore and can only be accessed by a small number of people who need it to maintain the site.
“The IP address is in Singapore, the network traffic does not leave the region and it is absolutely false to suggest that there is communication with China,” the company said in a statement.
However, Mr Potter said his team had determined that the app on Apple smartphones was connecting to servers in China, but they couldn’t say what information was being sent.
“There were significant amounts of traffic flowing to servers in China,” he said.
In a report distributed to Australian and US politicians, Internet 2.0 said TikTok was not transparent about the data it requested and where it went.
The Beijing-supported app uses users’ smartphone calendars and contact list and scans the device’s ID and hard drive to check all other apps that are installed
“During the analysis, we were unable to determine with great certainty the purpose of the connection or where user data is stored,” the report said.
The Chinese server connection is managed by Guizhou Baishan Cloud Technology, a cloud and cybersecurity company.
“The subdomain connected to the Chinese server connection has been resolved in multiple locations around the world, including China.”
TikTok also requested access to external storage in a way it deemed “excessive.”
“This is a standard command for a social media application to save video and images,” the report said.
“The aspect that we consider exaggerated is that TikTok not only pulls up the ability to see folders, it pulls up a list of everything available in the external storage folder.”
According to the report, the app collected more information than it needed to work.
“The TikTok mobile application is built with a culture that does not consider privacy a principle, as most of the permissions and device information collected are beyond necessary for the application to function,” the report said.
China is a world leader in data collection, AI and facial recognition software and there are fears that TikTok is being used by Beijing to spy on young people in the west. Pictured: Chinese President Xi Jinping
TikTok said the information it collects follows industry standard practices and is securely encrypted.
Mr Potter pointed out that since the company is based in China, it is governed by Chinese laws and would be forced to hand over any data requested by the Communist Party.
“Because it’s domiciled and a Chinese company, it’s first under Chinese law, which means it operates in a very different privacy culture,” he said.
Under Chinese law, organizations and individuals are required to “support, assist and cooperate with state intelligence.”
TikTok has stated that its employees would never share information with the Chinese government, nor have they ever been asked to do so.
Liberal Senator James Paterson called on the government to take action and ban the app.
“It was worrying enough to learn that user data has recently been accessed in mainland China,” Paterson said.
“It is downright alarming to discover exactly what data is collected from TikTok users and how much of it is not needed.
“It’s hard to come up with a harmless reason for excessive data collection, especially since it could be obtained by the Chinese government.”
“The Albanian government must sit on its hands and act to protect the cybersecurity and privacy of Australians.”
Sharing of information with TikTok can be restricted through phone settings and is more restricted on PCs.
Liberal Senator James Paterson (pictured) has expressed concern about TikTok’s data collection and possible use by China
However, some experts say that the only way to stop the app from collecting data is to get rid of it.
ANU data encryption expert Vanessa Teague said the app can collect financial and payment information, messages, photos and videos; audio and sound recordings plus browsing history.
Even blocking location info for the app wouldn’t work if videos were tagged with the GPS location.
Dr Teague had succinct advice for those concerned about privacy.
“Delete the app,” she told SBS.
‘TikTok is less transparent… than Facebook [and] tends to be viewed less critically (because it is set in a less democratic country.”
Daily Mail Australia has reached out to TikTok for further comment.