TikTok Security Concerns

Do what thou wilt shall be the whole of the law.


The following is a compilation of excerpts from various websites and news sources that detail various social and software security concerns over the behavior and use of the TikTok app. The sources used are all listed below under “Sources”. Any one of these alone is reason enough to never install it on any of your devices. I recommend to never install the app (though watching the videos in Firefox is probably fine) and never trust anything you see there too much.


TikTok has a long list of very real privacy scandals under its belt. In December 2022, the company admitted that employees had spied on reporters using location data, in an attempt to track down the source of leaked information…TikTok also reportedly planned to surveil the locations of specific U.S. citizens using location data from their devices, Forbes reported last October.

TikTok also engages in what some observers have called invasive tracking measures against ordinary users. These tactics include prompting users to let TikTok harvest their phone contacts lists, as a way of connecting users who already know each other on the app. Even if you refuse to give TikTok access to your contacts, it will still prompt you to follow people who have your number in their phone contacts lists.

Chinese national security laws can compel foreign and domestic firms operating within the country to share their data with the government upon request, and there are concerns about China’s ruling Communist Party using this broad authority to gather sensitive intellectual property, proprietary commercial secrets and personal data…the company has come under increasing scrutiny in recent months, and in July it acknowledged that non-U.S. employees did in fact have access to U.S. user data.

China-based ByteDance employees have repeatedly accessed non-public data (like phone numbers and birthdays) of U.S. TikTok users. Separately, Forbes reported in October that ByteDance planned to use TikTok “to monitor the personal location of some specific American citizens,” which the company denied.

Chinese law essentially requires companies to do whatever the government wants them to in terms of sharing information or serving as a tool of the Chinese government. And so that’s plenty of reason by itself to be extremely concerned.

“This is not something you would normally hear me say, but Donald Trump was right on TikTok years ago,” Warner told Australia’s Sydney Morning Herald. “If your country uses Huawei, if your kids are on TikTok … the ability for China to have undue influence is a much greater challenge and a much more immediate threat than any kind of actual, armed conflict.”

Lawmakers said the app can track users’ locations and collect internet browsing data even from unrelated websites — adding that Beijing could develop profiles on millions of Americans for blackmail or espionage purposes, as well as collect sensitive national security information from U.S. government employees.

They also worried about potential abuses of TikTok’s algorithm, and specifically that it could “be used to subtly indoctrinate American citizens” by censoring some videos and promoting others.

“TikTok has already censored references to politically sensitive topics, including the treatment of workers in Xinjiang, China, and the 1989 protests in Tiananmen Square,” they wrote. “It has temporarily blocked an American teenager who criticized the treatment of Uyghurs in China. In German videos about Chinese conduct toward Uyghurs, TikTok has modified subtitles for terms such as ‘reeducation camp’ and ‘labor camp,’ replacing words with asterisks.” The lawmakers called this an especially frightening prospect given how many adults get their news from TikTok.

And Aynne Kokas, a professor of media studies and the director of the East Asia Center at the University of Virginia, says it is “part of a larger Chinese government effort to expand extraterritorial control over digital platforms.”

TikTok, the smartphone app beloved by teenagers and used by hundreds of millions of people around the world, had serious vulnerabilities that would have allowed hackers to manipulate user data and reveal personal information, according to research published Wednesday by Check Point, a cybersecurity company in Israel.

The weaknesses would have allowed attackers to send TikTok users messages that carried malicious links. Once users clicked on the links, attackers would have been able to take control of their accounts, including uploading videos or gaining access to private videos. A separate flaw allowed Check Point researchers to retrieve personal information from TikTok user accounts through the company’s website. “The vulnerabilities we found were all core to TikTok’s systems,” said Oded Vanunu, Check Point’s head of product vulnerability research.

Oversecured has once again uncovered high-severity vulnerabilities, this time in the TikTok app. The app contained one vulnerability to theft of arbitrary files with user interaction and three to persistent arbitrary code execution. All these vulnerabilities could have been exploited by a hacker if a user had installed a malicious app onto their Android device. Since the path was fully controllable by the attacker, this provided read-only access to arbitrary files. An attacker could therefore gain access to any files stored in the app’s private directory, and also to history, private messages, and session tokens, resulting in complete access to the user’s account. The vulnerability could have been exploited by an app that was only run once and then, say, deleted. The library would have been written to the app’s private directory and could have been loaded by the app even after the phone was rebooted or the app restarted.

TikTok uses a technique equivalent to keylogging in its in-app browser. “TikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app,” Krause wrote in the report. “This can include passwords, credit card information and other sensitive user data.”

The flaw in TikTok’s Android app is the latest security concern for the social media company, which was criticized last month for having keylogging functionality in its iOS app. Microsoft disclosed a verification bypass vulnerability in TikTok’s Android application, raising concerns about the security and functionality of the popular social media app. Microsoft detailed the TikTok vulnerability, tracked as CVE-2022-28799, which could enable threat actors to hijack accounts and publicize private videos, send messages and upload videos under the users’ accounts.

TikTok Inc. illegally tracks user activity on third-party websites through its integrated web browser, in violation of the Federal Wiretap Act, according to a proposed class action filed in Illinois federal court that echoes earlier claims from consumers. When a user clicks on a link in TikTok, the app opens the page via an “in-app browser” that uses code to track interactions with the website in an effort to increase advertising profit, said the lawsuit filed Friday in the US District Court for the Northern District of Illinois.

TikTok gathers data on people who don’t even use the app itself. …the company embeds a tracker called a “pixel.” Pixel gathers user data from these websites…Among other data, TikTok collects the IP address; a unique number; the page a user is on; and what they’re clicking, typing, or searching for.


Sources:
https://time.com/6265651/tiktok-security-us/
https://www.npr.org/2022/11/17/1137155540/fbi-tiktok-national-security-concerns-china
https://www.nytimes.com/2020/01/08/technology/tiktok-security-flaws.html
https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/
https://www.techtarget.com/searchsecurity/news/252524495/Microsoft-discloses-high-severity-TikTok-vulnerability
https://news.bloomberglaw.com/privacy-and-data-security/tiktok-faces-latest-lawsuit-over-in-app-browser-data-tracking
https://www.malwarebytes.com/blog/news/2022/10/tiktoks-secret-operation-tracks-you-even-if-you-dont-use-it/amp


Beyond just the app itself, the company’s policies and treatment of their employees is not unlike that of the CCP and its social score system. I highly recommend researching that topic in depth.


TikTok is cracking down on remote work with an app to track in-office attendance. The social media company has implemented a new internal software called MyRTO — or my return to office — this month. The app is part of its mandate requiring US employees to work from office at least three times a week. Some employees may have to work from office for the entire five-day work week. According to The New York Times, MyRTO tracks badge swipes that employees make when entering office premises. Employees will be asked to explain “deviations” from expected in-office attendance. The badge swipe data will be analysed by employee supervisors and HR staff. The report further said that employees were warned that “any deliberate and consistent disregard may result in disciplinary action” and could even impact their performance reviews. A section of the TikTok workforce has voiced its “frustration and dismay” over the attendance policy. TikTok, owned by the Chinese company ByteDance, employs around 7,000 people in the United States across major cities like New York and Los Angeles. Last year in October, it implemented a strict return-to-office policy as the coronavirus pandemic subsided. Workers were told they would be fired if their home address did not match the address of their office.


Source:
https://www.moneycontrol.com/news/trends/tiktok-employees-annoyed-by-app-to-track-in-office-attendance-threats-of-punishment-11390731.html


Love is the law, love under will.

Concerned,
Vanessa

Some Emotions Concerning Animal Crossing

Do what thou wilt shall be the whole of the law.

Animal Crossing has been one of my all-time favorite games, especially when I was younger. I played the various games an untold number of hours, especially the handheld versions.

It sucks Nintendo shut down the 3DS servers. There were so many dream towns I loved visiting in Animal Crossing. Yes, now we have New Horizons but I’ll be honest, I don’t like it as much as New Leaf. Granted, I do enjoy the new mechanics like crafting, but I still think New Leaf was the best one of the series. New Horizons is fun, don’t get me wrong, but it’s missing quite a lot of things that were there in New Leaf. I especially loved the way the town area was handled. No more riding a train there like in City Folk. It’s just to the north of your map. Club LOL was one of my favorite places when DJ KK was performing. I love how it let you dance with the + pad.

Yes, I know New Horizons keeps adding stuff, and that’s cool, but just something about the setting, the presentation, etc. that I really connect with. I honestly wish Animal Crossing was a PC game that just got new updates & DLC but otherwise left the formula alone. I hate having to start a brand new town every time a new game comes out. I hate when they remove features but I understand why they do that. It’s still a good game though and I very much enjoy playing it when I do. I just feel it would be better if you could carry on things from previous games. I’m especially in love with the sound effects and music of Population Growing. They’re very nostalgic to me. It is what it is though, and Nintendo being Nintendo isn’t gonna want to change up what they’re doing when it’s working for them and the games are well worth it anyway.

There is a game called Hokko Life that’s on Steam that’s like Animal Crossing but despite owning it for awhile now and already having it installed on my Laptop, I still haven’t sat down to play it yet. Honestly I’d prefer to play it on the Steam Deck when I get one more than I want to sit in front of the computer to play it. The style of game it is feels like it should be better played on a handheld device. I love that aspect of the Switch that you can use it as both a handheld and a TV based console, but for a lot of games I prefer to use it handheld; those being cozy games primarily.

I know there’s also Castaway Paradise too but I’ve never played it either nor do I own it on Steam yet. I’m not a huge fan of the art style but I do like that it is unique. I feel like games that borrow mechanics from other games are more fun and interesting when they do their own thing and don’t try to copy it too much. That is when the developers let it be its own thing. It is interesting that Castaway Paradise was given an island setting first before Nintendo went the same direction with Animal Crossing.

There’s also Magician’s Quest: Mysterious Times which is somewhat similar of a game in terms of presentation and overall vibes but is very much its own thing. It centers around going to a school of magic. It reminds me of that one TERF franchise and I think that’s what they were aiming at. (They even included a classmate character called Neville.) As you can imagine, being for the DS and not even the 3DS it’s more primitive in graphics and the like which is very reminiscent of Wild World.

Love is the law, love under will.

Nostalgic,
Vanessa