• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

TikTok Engaging in Excessive Data Collection

You are here: Home / General Cyber Security News / TikTok Engaging in Excessive Data Collection
July 18, 2022

TikTok has been engaging in excessive facts collection and connecting to mainland China-dependent infrastructure, Internet 2. has claimed in a new white paper.

The most current report, overseen by Internet 2.0’s head security engineer Thomas Perkins, is an evaluation of “the resource code of TikTok mobile applications Android 25.1.3 as perfectly as IOS 25.1.1”, with Internet 2. carrying out static and dynamic testing in between 1 July to 12 July 2022 that targeted on machine and consumer information collection.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The report determined various circumstances of unwarranted knowledge harvesting, including:

  • Machine mapping
  • Hourly checking of machine area
  • Persistent calendar accessibility
  • Continuous requests for entry to contacts
  • Machine facts

Intensifying the overreach issue is the sheer quantity of buyers on TikTok and its popular market place posture, where by in accordance to the report the application has over 1 billion lively buyers globally as of September 2021.

The whitepaper goes on to notice that TikTok IOS 25.1.1 has a server relationship to mainland China, which Internet 2. believe that is operate by Chinese cyber security and information corporation Guizhou Baishan Cloud Technology Co., Ltd. Regardless of TikTok asserting that person facts is stored in Singapore and the US, the report identified proof of “many subdomains in the IOS application resolving all all-around the world”. This involved Sydney, Adelaide and Melbourne (Australia), Utama and Jakarta (Indonesia), Kuala Lumpur (Malaysia), and Baishan (China). The report’s examination could not confidently determine “the intent for the China Server link or where by person facts is saved.”

The paper concluded by stating that for TikTok to run correctly, most of the observed obtain and gadget facts assortment is pointless, with the application able to run productively “without any of this details remaining gathered.” From this, Internet 2. deduced that the sole intent this information is being collected is for information harvesting. The report’s conclusion also mentioned the application’s persistent behaviour of inquiring for end users to reverse their preference decisions to access sought-following details.   

Internet 2. place all of their investigate to TikTok for comment and verification. Even so, the software company refused to go on the record about the information of their China-based infrastructure.


Some pieces of this article are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News TikTok Engaging in Excessive Data Collection
Next Post: DCMS Sets Out Proposal For New AI Rulebook Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.