TikTok spied on the traffic of its Android users

TikTok spied on the traffic of its Android users

The Chinese app could see their traffic by acquiring their MAC address. This feature was encrypted, probably to keep Google from blocking it

(Photo by NARINDER NANU / AFP via Getty Images) TikTok's not easy days. The clock has been running fast for the Chinese app since President Trump imposed an executive order that no American company can do business with the Chinese one starting in mid-September. Since this would actually entail for Google and Apple to remove it from their app stores, the only solution is to sell TikTok to an American company, probably Microsoft, although recently Twitter and Netflix also seemed interested.

The accusation that holds the executive order is the fear that the data of millions of Americans are not safe and that Beijing uses the app as a Trojan horse to spy on them. Although direct interference by the Chinese government has not been proven, according to the Wall Street Journal l, until November the app owned by ByteDance would have had access to the MAC addresses of its Android users. These addresses are unique codes for each device and cannot be changed. Unlike cookies, in fact, it is not possible to delete them or deny authorization and that is why they are very attractive for those who want to track their users. In fact, for those who live off advertisements, the more profitable the more profitable a user is, being able to analyze their habits without preventing them is a gold mine of information.

TikTok would have made it by exploiting a vulnerability in Android and without revealing it to Google . The access to the MAC addresses was prohibited by Apple in 2013, while Google did the same in 2015. However, although the Mountain View, in fact, the banning explicitly in its policy for developers, according to research AppCensus there is still a 1% of Android apps that would violate this policy. The Wall Street Journal, TikTok has only commented that at the moment the app does not collect the MAC addresses and that the other app is constantly working to upgrade security.

it is Difficult to say, however, whether this was an oversight. To increase the doubts about it is the fact unusual that the data collected about users, including MAC address, are encrypted twice. The suspicion is that TikTok has acted in this way to hide Google and Apple that the data it collects about its users since according to Nathan Good, a researcher from the International Digital Accountability Council, that level of additional encryption is not necessary for the protection of privacy.

it is Not the first time that TikTok is discovered with their hands in the cookie jar. In June, in fact, when Apple released the first beta version of iOS 14 for developers, some of these have noticed something strange. iOS 14, in fact, allows those who own an iPhone or an iPad of Cupertino to know when another application has access to our data. In a video shown on Twitter, you can see how the system informs that TikTok are pasting everything you write on Instagram, its main rival .

Okay I know TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification pic.twitter.com/OSXP43t5SZ

— Jeremy Burge (@jeremyburge) June 24, 2020



The company defended itself saying that it was a measure of anti-spam and would be removed. These practices, however, demonstrate the foresight of the Italian Garante Privacy that already in January, well before this news came to light, was moved to ask the board of european authorities to open an investigation on the app to chinese .

But check what they do to their users when they don't use their app is not only practice of TikTok. Although now Facebook tend to emphasize the danger of the apps that do not share american values, as Zuckerberg has done to the recent testimony to Congress, also Menlo Park is no stranger to such practices.

Two years ago, in fact, Apple was costetta to ban the app Onavo Protect , which apparently offered a VPN service just to navigate safely away from prying eyes. Pity that the app, bought by Facebook, was the Trojan horse used to figure out that the app used by the users and he then led the acquisition of WhatsApp .

This shows how a total lack of respect for privacy has an effect not only on the citizens whose privacy has been violated, but also on the competition. If the giant tech companies get privileged information to improve their algorithms, obtaining therefore a competitive advantage compared to other apps, or to understand which app will become the next big thing and then buy it, copy it or crush it, this has a huge impact on the competition. The result is that those who are great continues to be great and becomes more of a gatekeeper because she manages to have the strength to block the growth of other apps, as denounced by the us Congress .





Powered by Blogger.