Parece que vai ser o fim do TikTok. Os EUA estão flertando com a ideia de banir o app[1], e eu encontrei mais alguns posts/artigos que falam sobre o quão pesado é a violação de dados através do app. Se você tem um amigo/filho/primo que usa TikTok, fale com ele.
![Tongue](https://bitcointalk.org/Smileys/default/tongue.gif)
Criaram um subreddit chamado
/r/tiktok_reversing para fazer engenharia reversa do app e analisar seu comportamento.
TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.
- Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
- Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)
- Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
- Whether or not you're rooted/jailbroken
- Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
- They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication
https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/fmuko1m/E o pior é que eles - supostamente - podem baixar arquivos de um servidor remoto e executá-los no celular (pelo menos no android).
The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries. [...]
There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.
[1]
https://edition.cnn.com/2020/07/07/tech/us-tiktok-ban/index.html