Guy Who Reverse-Engineered TikTok Reveals Scary Things About the App, Advises People To Stay Away From It

Just like its senior colleague Facebook, the king of alleged privacy invasion scandals, TikTok has had quite a bumpy run since its debut in 2016. Owned by the Chinese company ByteDance and available in 153 countries, TikTok started off as a video app where people made short lip-syncing videos, and today, over 800 million people use the app to do a variety of cool stuff. In 2019, it was the fourth most popular free iPhone app on the Apple store [1]. TikTok gained even more popularity this year during the coronavirus quarantine period, when people were bored out of their minds and had to sit at home for months. Worth $75 billion as of August 2020, TikTok has joined the big league of networking apps, and of course, it’s going to answer a lot of big-league questions.

China has seldom been on good terms with many countries on the technology front, and on June 29, 2020, TikTok and 223 other Chinese apps were completely banned from India [2]. The ban was effected by the country’s Ministry of Electronics and Information Technology, and a press release following it stated that the apps were “prejudicial to sovereignty and integrity of India, defense of India, security of state and public order”.

Toeing the same line, President Donald Trump of the United States issued executive orders that would effectively ban TikTok from the American social media space, alleging that the app stores American user data on Chinese shores and is a potential threat to national security [3]. The ban was supposed to be implemented on September 20, 2020, but federal judge Carl Nichols temporarily blocked the ban in defense of TikTok’s legal suit. TikTok fired back at Trump’s claims, saying that American user data is stored in the U.S. with backups in Singapore.

With millions of users agitating against the ban and others moving away for fear of invasion, the fate of TikTok in the U.S. still hangs in the balance.

This software engineer shared some pretty disturbing findings on TikTok

Earlier this year in May, a Reddit user named “bangorlol”, who claims to have over 15 years’ experience in software engineering, shared his discoveries upon assessing the code field of TikTok’s backend. Bangorlol says he reverse-engineered TikTok and is now warning people to desist from using the app. More importantly, he alleges that TikTok is very intrusively tracking user data, even more than Facebook, Instagram, and Twitter. Amongst many other issues, he warns against the many pedophiles and predators that are rife on TikTok, brainwashing young children into performing raunchy acts for their entertainment.

In an interview with Bored Panda, Bangorlol described his far-reaching experience with reverse-engineering apps [4]:

“The last several years of my career have been based around reversing mobile applications, analyzing how they work, and building additional third-party functionality around them,” he said. “A rough example would be me noticing that Twitter doesn’t show you a sequential timeline (no idea if they do or not) on the website but does on the app. I’d go into the Android or iOS version, find the requests that get the correct data, and build a third-party tool (app, website, browser extension) to give users this functionality.”

While he was able to work his way through TikTok’s code, he explains that the app is actually pretty secure from the host company’s end and has a lot of protocols in place to prevent hackers from gaining access.

“TikTok put a lot of effort into preventing people like me from figuring out how their app works. There’s a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (Bytedance) forking and customizing ollvm for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted,” Bangorlol explained.

Bangorlol notes that it’s been quite a while since he made his findings on TikTok and possibly, the company has reviewed its software to fit into acceptable standards. TikTok certainly doesn’t qualify to be categorized as a “malware” app, but Bangorlol believes people have so wrongly gotten used to having their privacy invaded that they are no longer bothered by these issues.

“The general consensus among most ‘normal’ people is that they can’t/won’t be targeted, so it’s fine. Or that they have nothing to hide, so ‘why should I even care?’ I think the apathy is sourced from people just not understanding the security implications (at all levels) of handing over our data to a foreign government that doesn’t discriminate against who they target, and also doesn’t really have the best track record when it comes to human rights,” he said.

References

  1. “50 TikTok Stats That Will Blow Your Mind in 2020.” Influencer Marketing Hub. Retrieved October 5, 2020.
  2. “India Bans Nearly 60 Chinese Apps, Including TikTok and WeChat.” NY Times. Maria Abi-Habib. Retrieved October 5, 2020.
  3. “TikTok’s US ban is on hold. What comes next?” CNN. Selina Wang. Retrieved October 5, 2020.
  4. “Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It.” Bored Panda. Rokas Laurinavicius. Retrieved October 5, 2020.