Create a free account, or log in

TikTok is connecting with Chinese servers, says Aussie cybersecurity company

Australians need assurances their data is safe, but Internet 2.0 CEO Robert Potter says TikTok has a history of not being clear about what it does.
Cam
Cam
tiktok
Source: The Conversation.

A deconstruction of the TikTok source code reveals that phones running the short video app are communicating with Chinese servers despite promises that user data is being stored only outside China, a report released by an Australian cybersecurity company shows.

Internet 2.0 published a technical analysis of the TikTok application on both android and iOS devices, which breaks down what data the company has access to on usersโ€™ phones.ย It observed the Apple version of the application connecting to a server run by Chinese security company Guizhou BaishanCloud Technology Co Ltd, located in mainland China.

โ€œWe could not determine with high confidence the purpose for the connection,โ€ the report says.

TikTokโ€™s parent company, ByteDance, denies the connection. In a statement toย Crikeyย it rubbished the report:

The IP address is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China. The researchersโ€™ conclusions reveal fundamental misunderstandings of how mobile apps work, and by their own admission, they do not have the correct testing environment to confirm their baseless claims.

The appโ€™s communication with a Chinese server is not proof that ByteDance is sending user data to China. Similar applications such as Facebook or Telegram send server requests all over the world for myriad reasons, including for operating advertising networks or, indeed, sending and receiving user data. How and where apps send data can be extremely convoluted and difficult to entangle โ€” even for people with access to the full source code.

However, the uncertainty about the purpose of this connection denied by ByteDance will feed concerns about the Chinese-owned app and the lack of transparency. Internet 2.0โ€™s co-CEO Robert Potter toldย Crikeyย its analysis found the appโ€™s infrastructure appeared to be less separate from China than it has said publicly.

โ€œTikTok has a history of not being clear about what it does,โ€ he said. โ€œThey have to give Australians assurances that their data is being respected and their privacy is protected.โ€

The report also details what it calls โ€œexcessive data harvestingโ€ by the TikTok application. This includes hourly checking of the deviceโ€™s location; the deviceโ€™s unique identification details, calendar and contacts; a mapping of all the other applications on the phone; and more. These details are not required to run the app, but it does ask users for permission for this access.

The company defended its data collection as being in line or less than its competitors: โ€œWe collect information that users choose to provide to use and information that helps the app function, operate securely and improve the user experience.โ€

Last week TikTok Australia confirmed that ByteDance employees โ€”ย including those in China โ€”ย can access Australiansโ€™ data despite it being stored in US and Singapore servers. As Fergus Ryan wrote inย Australian Strategic Policy Instituteโ€™sย The Strategist, the serverโ€™s whereabouts are essentially irrelevant: โ€œThe location in which any data is stored is immaterial if it can be readily accessed from China.โ€

These new revelations prompted opposition spokesman on cybersecurity and countering foreign interference James Paterson to ask the federal government to โ€œinvestigate all possible regulatory responses to protect Australiansโ€™ privacy and cybersecurityโ€.

Home Affairs Minister Clare Oโ€™Neil said the government has seen the report and urged individual caution.

โ€œAustralians need to be mindful of the fact that they are sharing a lot of detailed information about themselves with apps which arenโ€™t properly protecting that information,โ€ she said. โ€œI hope it concerns Australians because it certainly concerns me.โ€

This article was first published by Crikey.