Australians are being warned to delete TikTok from their phones after a new report from cybersecurity experts found sensitive information was being sent back to China.
The Internet 2.0 security firm has cracked the source code of the popular video-sharing platform – downloaded by more than 7.5 million Australians – to find out how a dataset is being targeted without the knowledge of the user.
The Beijing-backed app digs into smartphone calendars, contact list and scans device ID and hard drive to monitor any other apps that have been installed.
TikTok also checks the location of the device at least once every hour and will persist in seeking data from contacts even if permission is denied, according to the report.
Mainly used by young people under the age of 18, the platform that beat Google to become the most popular website in the world in 2021, consists largely of short dance videos and is widely considered harmless.
But with the communist superpower a world leader in data collection, AI and facial recognition software, there are fears that TikTok could be used by Beijing to spy on young people in the west.
Australians are being warned to remove TikTok from their phones after a new report from cybersecurity experts found sensitive information was being sent back to China (stock image)
Robert Potter Internet 2.0 CEO has accused TikTok and its parent company ByteDance of being misleading.
“Their source code contradicts their public statements about how their app works,” he told the Nine Network.
TikTok says all user data in the region is hosted in Singapore and is only accessible to a small number of people who need it to maintain the site.
“The IP address is in Singapore, network traffic does not leave the region and it is categorically false to suggest there is communication with China,” the company said in a statement.
However, Mr Potter said his team had identified that on Apple smartphones the app was connecting to servers in China, but they could not tell what information was being sent.
“There were heavy traffic flows to servers in China,” he said.
In the report, which was distributed to Australian and US politicians, Internet 2.0 said TikTok was not transparent about what data was requested and where it went.
Beijing-backed app digs into users’ smartphone calendars, contact list and scans device ID and hard drive to monitor any other apps that have been installed
“During the analysis, we could not determine with a high degree of confidence the purpose of the connection or where user data is stored,” the report said.
“The connection to the Chinese server is managed by Guizhou Baishan Cloud Technology, a cloud and cybersecurity company.
“The subdomain connected to the Chinese server connection has been resolved in multiple locations around the world, including China.”
TikTok also requested access to external storage in a way it deemed “excessive”.
“This is a standard command for a social media application to store videos and images,” the report said.
“The aspect that we call overkill is that TikTok doesn’t just fetch the ability to see the folders, it fetches a list of whatever is available in the external storage folder.”
The report says the app gathered more information than it needed to work.
“The TikTok mobile app was designed with a culture that does not make privacy a principle, as most of the permissions and device information collected is more than necessary for the app to function,” the report said.
China is a world leader in data collection, AI and facial recognition software and there are fears that TikTok could be used by Beijing to spy on young people in the west. Pictured: Chinese President Xi Jinping
TikTok said the information it collects follows standard industry practices and is securely encrypted.
Mr Potter pointed out that since the company is based in China, it is governed by Chinese laws and would be obliged to hand over any data requested by the Communist Party.
“Because it is domiciled and a Chinese company, it is governed first by Chinese law, which means it operates in a very different culture of privacy,” he said. -he declares.
Under Chinese law, organizations and individuals are required to “support, assist and cooperate with state intelligence work”.
TikTok said its employees would never share information with the Chinese government and were never asked to do so.
Liberal Senator James Paterson called on the government to act and ban the app.
“It was worrying enough to learn recently that user data is accessible in mainland China,” Paterson said.
“It is frankly alarming to find out exactly what data is being collected from TikTok users, and how useless it is.”
“It’s hard to think of an innocent reason why excessive data is being collected, especially since it can be obtained by the Chinese government.”
“The Albanian government must stop sitting still and act to protect the cybersecurity and privacy of Australians.”
Sharing information with TikTok can be restricted through phone settings and is more restricted on PCs.
Liberal Senator James Paterson (pictured) has expressed concern over TikTok’s data collection and potential use by China
However, some experts say the only sure way to stop the app from collecting data is to get rid of it.
ANU data encryption expert Vanessa Teague said the app could collect financial and payment information, messages, photos and videos; audio and sound recordings as well as web browsing history.
Even blocking location info on the app wouldn’t work if the videos were tagged with GPS location.
Dr. Teague had concise advice for those worried about privacy.
“Delete the app,” she told SBS.
‘TikTok is less transparent… than Facebook [and] tends to be less guarded (as it is) based in a less democratic country.
Daily Mail Australia has contacted TikTok for further comment.