TikTok is a data collection service, don't use it, warns engineer

TikTok, China's highly popular short video sharing platform, continues to make headlines around the world. Just recently, India announced a ban on TikTok along with 58 other Chinese apps over national security concerns, and ahead of this, the ByteDance-owned platform was accused of spying on iPhone clipboards.

Now an engineer who claims to have “reverse-engineered” the platform two months ago has alleged that the app provides users with a taste of "virality" to entice them to stay on the platform. Claiming to have a very strong understanding of how the app operates, he said that TikTok is a data collection service that is thinly-veiled as a social network.

According to the engineer who goes by the name 'bangorlol' on Reddit, the app collects information on phone hardware, network (IP, WiFi APN, and more) and other installed apps on the device. Some of the app's variants, according to him, also had GPS pinging enabled at the time, roughly once every 30 seconds. 

"On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don't forget about users' real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM'd the application," he wrote on a Reddit post.

Bangorlol also claimed to have reversed other social networking apps including Instagram, Facebook, Reddit, and Twitter, adding that these platforms do not collect anywhere near the same amount of data that TikTok does.

Concluding his research findings, bangorlol advised people to stay away from the app. "TikTok is essentially malware that is targeting children. Don't use TikTok. Don't let your friends and family use it," he warned.