TechScape: suspicious of TikTok? You’re not alone

The Chinese app is known for its aggressive data collection - but it is a fool's errand to prove that it is a threat to the west

• Don't get TechScape delivered to your inbox? Sign up here

What's the problem with TikTok? It's a harder question to answer than it seems. The social video app, which has joined Facebook/Instagram, YouTube and Twitter in the list of societally important social networks, is frequently spoken about with an air of suspicion, and it's not hard to guess why: the app's Chinese roots loom large in the conversation. (ByteDance, which owns TikTok, insists that it is headquartered in the Cayman Islands, one of the only instances I've seen of a company deciding that loudly proclaiming its paper HQ is located in a tax haven is preferable to the alternative). But sometimes, it can feel like the cart leading the horse. The app has Chinese roots, therefore it must be suspicious - right?

So I was interested to read a report that attempts to look at the general suspicion of the service. Published on Monday by the Australian-US cybersecurity firm Internet 2.0, it is based on a teardown of TikTok's Android and iOS apps. The report's author, Thomas Perkins, writes:

In our analysis, the TikTok mobile application does not prioritise privacy. Permissions and device information collection are overly intrusive and not necessary for the application to function.

Also of note is that TikTok IOS 25.1.1 has a server connection to mainland China which is run by a top 100 Chinese cyber security and data company Guizhou Baishan Cloud Technology Co Ltd.

For the TikTok application to function properly, most of the access and device data collection is not required. This leads us to believe that the only reason this information has been gathered is for data harvesting. It is also notable that the device only needs to ask the user for permission to perform each of these actions once and then follow the user's preferences. The application however has a culture of persistent access or continuously asking for a decision reversal by the user. The hourly checking of location is also unnecessary. Finally, device mapping, external storage access, contacts and third-party applications data collection allows TikTok the ability to reimage the phone in the likeness of the original device.