Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It

Most of us have heard of the TikTok application, but not so many are aware of the security risks it poses. A senior software engineer with 15 years of experience to back up the theory has advised people to steer clear of this application. Facebook got itself into a sensitive data scandal when it found that Cambridge Analytica was not as clear cut as it seemed to be, and Instagram confirmed a security issue exposing user accounts and phone numbers, but even these two social media giants don’t come close to the issues TikTok presents.

A Reddit user, bangorlol, made a comment about 2 months ago regarding TikTok and laid claim to have effectively reverse-engineered the app. He shared what he had discovered about this Chinese video-sharing social networking application and highly recommended that everyone stop using it for good, citing its tracking and invasion of privacy, among other issues. This information is most disturbing considering how many people of all ages have used, or are still using, the app. It is noteworthy that TikTok was the 4th most popular free iPhone app download in 2019.

Image credits: Marco Verch

Bangorlol is not a new kid on the block when it comes to analyzing applications. “The last several years of my career have been based around reversing mobile applications, analyzing how they work, and building additional third-party functionality around them,” he explains. “A rough example would be me noticing that Twitter doesn’t show you a sequential timeline (no idea if they do or not) on the website but does on the app. I’d go into the Android or iOS version, find the requests that get the correct data, and build a third-party tool (app, website, browser extension) to give users this functionality.”

“Lately, it mostly involves reversing my company’s partner APIs so we don’t have to wait for them to create something custom for us. I hunt bug bounties when I’ve got the time, or help my friends out with theirs (or their CTF challenges). I like security in general and typically find at least a few major flaws whenever I change employers. I’m kind of a ‘jack of all trades’ kind of guy in the sense that I’m comfortable in most areas of software engineering and mostly pretty okay with many security topics.”

It took a mere 200 days for the Chinese crew to develop the initial version of TikTok, and usually these apps are so secure that you cannot ‘mess’ with their code – but along came Bangorlol and it didn’t stand a chance against his adept talents!

Bangorlol explained, “TikTok put a lot of effort into preventing people like me from figuring out how their app works. There’s a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (bytedance) forking and customizing ollvm for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted.”

According to a report from Bloomberg, the dramatic rise in TikTok’s popularity has helped its owner, ByteDance, net a profit of $3 billion last year. You can understand the secrecy that clouds these apps.

“The general consensus among most ‘normal’ people is that they can’t/won’t be targeted, so it’s fine. Or that they have nothing to hide, so ‘why should I even care?’ I think the apathy is sourced from people just not understanding the security implications (at all levels) of handing over our data to a foreign government that doesn’t discriminate against who they target, and also doesn’t really have the best track record when it comes to human rights,” Bangorlol said. He also mentioned that our society has become so accepting of sharing personal information that we do so with almost no regard for our privacy and security. The fact that TikTok has been ‘freely’ given our data and our cash is no real surprise.

“The app could’ve changed fingerprinting techniques or added/removed some of the nasty things they do. I strongly encourage security researchers who are much smarter than me and have more free time to take a look at the app and scrutinize every little detail they can. There’s a lot of stuff going on in the native libraries for at least the Android version that I wasn’t able to figure out and didn’t have the time to investigate further.” Bear in mind, too, that Bangorlol made his findings public a while ago and has not touched the app since then.

“TikTok might not meet the exact criteria to be called “Malware”, but it’s definitely nefarious and (in my humble opinion) outright evil,” Bangorlol said. “There’s a reason governments are banning it. Don’t use the app. Don’t let your children use it. Tell your friends to stop using it. It offers you nothing but a quick source of entertainment that you can get elsewhere without handing your data over to the Chinese government. You are directly putting yourself and those on your network (work and home) at risk.”

Here’s what people said after going through TikTok’s issues

Via bored panda
