None of that matters though. The point is this: TikTok is owned by ByteDance. By definition, ByteDance is owned by the CCP. The CCP currently has concentration camps and is starting to act fairly imperialistic and bellicose. They clearly believe that their method of governance is superior to Democracy and they have ambitions to become the worlds superpower. The point is that they could use this to spy at any point in time if they wanted to even if they aren’t at this very second. The CCP simply cannot be trusted and never should have been in the first place. It is the exact same CCP that led to the death of millions of innocent Chinese during the cultural revolution. They still have portraits proudly displayed of Mao Zedong FFS.
> .. understand what data does TikTok regularly send back to its servers. I decrypted the content of the requests and analysed it. As far as we can see, in its current state, TikTok doesn’t have a suspicious behavior and is not exfiltrating unusual data. Getting data about the user device is quite common in the mobile world and we would obtain similar results with Facebook, Snapchat, Instagram and others.
Thanks for excellent technical analysis! I personally enjoyed reading your article. However, to my knowledge, no decision maker is interested to learn the technical details. Don't we know already this tiktok is just in the US-China cross fire?<p>Our American friends are interested to teach our Chinese friends lessons by hitting hard on their public business faces. Never mind not talking about thousands of real state investments by Chinese people in US cities. Never mind, not talking about CCP atrocities on the Xinjiang people going way back at least 15 years (since when I am following).<p>It's not support for humanity, it's not about sudden urge for national security, it's about politics and populism.
It's important to say that BURP only deals with http like requests ( http/https websockets ) and the app can be sending/receiving data via other protocols, the same way you can't see whatsapp messages via burp [0]<p>[0] - <a href="https://security.stackexchange.com/questions/153944/burp-with-whatsapp" rel="nofollow">https://security.stackexchange.com/questions/153944/burp-wit...</a>
I think America not allowing any Chinese product is not tenable and is a rejection of free markets. We must have a way of making them safe, providing penalties for violations of people's safety, and oversite provided by independent corporate entities
I recall reading somewhere:<p>In China, you can change the policies, but you can't change the party. In America, you can change the parties, but you cannot change the policy.
Clearly apps ecosystem badly needs end-to-end encryption which is exclusively installed and applied by each enduser party not by server side which is easily circumvented by powers to be ... also to obfuscate who endusers are we also need a tor router like ecosystem ... until these layers become available everyone is simply rearranging deck chairs on the Titanic of mass surveillance
TikTok is a company, and has many competitors, there would not be any issue for anyone to develop a tiktok copycat. Why should it be banned under a free market? Plenty of silicon valley leadership have their political allegiance. Why would that be a problem for the users?
TL;DR: nothing<p>I would be shocked to see solid proof that tiktok is substantially more intrusive than snapchat or instagram. Data collection should be limited at the OS level anyway.<p>The only crime of tiktok is being chinese.