Things they found:
- Excessive data collection
- Privacy policies that allow distribution of said data
- Execution of OS commands
- Insecure cryptography usage
- Potential SQL injection code from user-defined variables
- Storing of API tokens
- Webview enabled by default, along with insecure webview settings enabled
But are these things any worse than what other major apps do?
Other social networking and entertainment apps are crammed full of tracking code, analytics, and advertising networks that all collect excessive user data, don't put it in their privacy policies, etc. And similarly, we hear about bad use of cryptography and SQL all the time.
Apps can be pretty bad in general with these things.
Now obviously, apps and code in general should be improved.
But the question here is: is TikTok really that much worse? Is it so much worse a threat than the others that it needs to be banned? Because that's what I still don't see evidence of.
All Chinese Internet companies are compelled by the country’s National Intelligence Law to turn over any and all data that the government demands, and that power is not limited by China’s borders. Moreover, this requisition of data is not subject to warrants or courts, as is the case with U.S. government requests for data from Facebook or any other entity;
https://penetrum.com/research
https://penetrum.com/tiktok/Penetrum_TikTok_Security_Analysi...
https://penetrum.com/tiktok/tiktok_15.2.3_static_analysis.pd...