A guy on reddit reverse engineered #TikTok

Here’s what he found on the data it collects on you

It’s far worse than just stealing what’s on your clipboard:
Just going to link this here about India banning #tiktok

https://twitter.com/zeenewsenglish/status/1277623927569670144?s=21
Here’s the Penetrum research link (should be the fifth link down):

https://penetrum.com/research
Here's a decent write up of what all of this "Security risk mumbo jumbo" could mean:
Adding this response to the thread from @wbm312 (Whitney Merrill), a privacy and Infosec lawyer, who’s well educated in the subject matter https://twitter.com/wbm312/status/1277781594174971904?s=21
Adding a video where the twitter user has iOS 14 beta

He’s recording how, as he types, every 1-3 characters later, #TikTok is “pasting” whatever is on his clipboard somewhere

Please read his analysis thread, this is also scary if truly nefarious:

https://twitter.com/jeremyburge/status/1275832600146391042?s=21
Someone tweeted at me a recording of the various IP connections that Tik Tok uses on his android device using a firewall app

I’m going to add it to the thread in case someone wants to do more research or test the findings for themselves:

https://twitter.com/yungdubs/status/1278358144163418113?s=21
Adding an article from inCyberdefense discussing #tiktok, tweeted by @YourAnonCentral, for transparency to this continued thread https://twitter.com/youranoncentral/status/1278411143266971648?s=21
this is not #tiktok but it’s linked in, performing the same clipboard copying behavior

This is part of the social media apps privacy concerns, so I’m adding it to spread awareness

See below 👇🏻
https://twitter.com/doncubed/status/1278757106468806656?s=21
Adding the following tweet regarding the US looking into banning #TikTok per @SecPompeo

https://twitter.com/jmhansler/status/1280337007248629760?s=21
Also found this thread that links a number of articles, including Australia looking into banning #tiktok

https://twitter.com/sisu_sanity/status/1279917262682697729?s=21
Here’s the @CNN article regarding the US banning #TikTok and Chinese apps

“The United States is 'looking at' banning TikTok and other Chinese social media apps, Pompeo says”

Adding to the thread https://cnn.it/2C8vctI
Adding the updated Zimperium article to the thread

On their latest analysis, of the updated versions of #TikTok (since the analysis was first run, the app has been updated many times), it shows:

Android security & privacy numbers dipped vs iOS which rose

https://twitter.com/zimperium/status/1281205038371819523?s=21
So @PenetrumSec did a follow up security analysis of #tiktok

Linking to the thread

It’s a 673 page analysis which can be found here, in PDF format:

https://penetrum.com/tiktok/follow_up_analysis.pdf
The OP of the original reddit post has created an update (added the screenshot)

He is now enlisting members to assist and aid in the reverse engineering of #tiktok since his original post got so much attention

The reddit project is here: https://www.reddit.com/r/tiktok_reversing/
Adding another tweet from @PenetrumSec in regards to a lot of replies that I’ve seen as well:

“Why is this so bad if all other apps do it?”

https://twitter.com/penetrumsec/status/1283499159211958273?s=21
You can follow @d1rtydan.