A Reddit User Has Reverse Engineered TikTok to help spread the message – “Get Rid of It, it is Chinese Malware!”

• Reddit user “bangorlol” has reversed engineered the TikTok app in order to figure out how it operates as a software program.
  
• After his findings, he concludes that “TikTok is essentially malware that is targeting children”

When it comes to social media platforms, Tiktok is currently one of the most, if not the most popular social media platforms in 2020. The Chinese based Social media app has exploded in popularity given the current on-going COVID19 pandemic that has forced people to stay at homes in order to comply with quarantine rules. Since then, it has become a global phenomenon with millions of users around the world using the app as a means of sharing things.

However, as time went on, some technologically savvy users have started to come up with claims that Tiktok is not what it seems to be. The hugely popular app is said to be Chinese Malware in disguise of a social media app. Not too long ago, which was during late October of 2019, it was reported that US lawmakers saw TikTok as a threat to national security, especially with its ties with China.

Two months ago, a reddit user “bangorlol” made a reddit thread where he shared some findings about how the TikTok app operates after reverse engineering said application. Since then, his reddit thread which he created two months ago has surged in popularity, garnering 2,100+ (more than 2.lk) comments with many more users asking for the validity of bangorlol’s findings.

tl;dr; I’m a nerd who figures out how apps work for a job

– reddit user bangorlol describes what he does for a living (Software Engineer)

Here are some of his basic findings on how TikTok works:

“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.”

bangorlol’s findings on what the app tries to extract from the user

• Phone Hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
• Other installed apps
• Everything Network related (ip, local ip, router mac, your mac, wifi access point name)
• Whether you are rooted or jailbroken
• “Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post IIRC”
• “They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication”

Other observations on how TikTok quirks

• Not HTTPS for the longest time – according to bangorlol, Tiktok not using HTTPS (Hypertext Transfer Protocol Secure) was the reason why TikTok has leaked users’ information such as email addresses, secondary email addresses, real names and birthdays in its HTTP REST API.

• “Taste of Virality” – According to bangorlol, Tiktok entices first time users to stay on the platform by letting a first time user’s post be viral enough to easily garner reactions (likes) regardless of its quality.
  
• “they (TikTok) don’t want you to know how much information they’re collecting on you” – According to bangorlol’s findings, Tiktok encrypts all of the analystics requests with an algorithm that changes whenever the app updates. This makes it difficult for other software engineers or anyone related to online cyber security to easily hijack any information from the app.

Can TikTok be dangerous?

bangorlol shares some accounts of him reporting online predators from the platform

there’s also a ton of creepy old men who have direct access to children on the app, and I’ve personally seen (and reported) some really suspect stuff. 40-50 year old men getting 8-10 year old girls to do “duets” with them with sexually suggestive songs. Those videos are posted publicly. TikTok has direct messaging functionality.

– bangorlol further detailing how Tiktok can be dangerous to children.

Addiontally, bangorlol has compared how the platform app works in relation to other social media mobile apps such as Facebook, Reddit, Twitter, and Instagram. According to his observations, the other mentioned apps don’t collect as much information compared to that of TikTok.

bangorlol ended his post with a simple message:

TikTok is essentially malware that is targeting children. Don’t use TikTok. Don’t let your friends and family use it.

– bangorlol’s conclusive statement urging everyone to delete the app and prevent everyone else from using it.

Given what information has been shared about Tiktok thanks to the findings of bangorlol and other users who have joined to help with his research, it seems that there will be more calls to action from other countries to ban TikTok from use.

Other related news regarding TikTok

On June 30, 2020, it was reported that India has banned the use of TikTok and other Chinese based Mobile apps in the country over what they claim as cyber security concerns. While there are some people who would dispute that India’s banning of several Chinese based mobile apps from their country was more of a protest, given what information has spread within the following hours, India may have validated their reasons of protecting its country’s cyberspace.

Additionally, the online activist group simply known as “Anonymous” has begun a campaign against TikTok itself, urging all users to delete the app and prevent others from using it as well.

Conclusion

We urge all individuals to think for themselves if they want to believe all of this shared information to be true or otherwise. If you choose to believe that Tiktok is indeed “Chinese Malware” that is a danger to you and your friends and family, we urge that you quickly tell them all of this information that you have read, and all of the information we have gathered thanks to the sources we have found and used.

Sources:

• bangorlol’s reddit thread of him sharing information about TikTok
• TikTok banned from India
• US Lawmakers claim that TikTok is a threat to National Security
• Anonymous’ Twitter account (@YourAnonCentral)