Just to add: Scanning networks to gather data seems pretty popular these days - smart tvs have done so, and even the ebay site used to portscan visitors [1].<p>[edit] And of course, there's WebRTC leaking your local IP - which ublock origin can specifically block [2].<p>[1] <a href="https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/" rel="nofollow">https://www.bleepingcomputer.com/news/security/ebay-port-sca...</a><p>[2] <a href="https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address" rel="nofollow">https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-l...</a>
They used to check your clipboard the whole time too.<p>They use the local network as one of their sensors to identify you (fingerprinting). However they have plenty more (see their privacy policy).
Some other apps (Signal?) have also done this out of the blue, though they may have since added a UI around this.<p>Regardless, Apple has done the right thing by putting this behind a permissions box, but the developer should be required to have some sort of explanation string of why they need this.
For some technical context: this dialog pops up the first time an app attempts to send a packet to a local device. A "common" reason why this happens are actually your own network devices if you're connected on wifi. For instance sending a custom DNS query to the wifi advertised DNS server (if it's the router) will cause that dialog. Same thing happens if you happen to have a router redirect certain resources to itself. The latter typically at this point only happens for non encrypted HTTP traffic and that's basically no longer permitted.<p>So why it happens exactly would be interesting.
Is it TikTok or is it just because of a captive portal on the WiFi?<p>It happened to me just yesterday: “Why does X require local network access? Ugh.” A minute later “Oh, Y is also requiring network access.”<p>Yes, I was on a public wifi.<p>This may be 100% Apple’s fault, everyone here is just commenting on a photo and not confirming that they also saw the message today.
Twitter does it too<p><a href="https://twitter.com/donohoe/status/1412563187426369537" rel="nofollow">https://twitter.com/donohoe/status/1412563187426369537</a>
This shouldn't be news, tons of apps do this; I suspect it's for something like Chromecasting, maybe it collects telemetry too?, either way not at all specific to TikTok.
Pokemon Go started asking for this back in March with an update. I don't think it was ever figured out why it would want access, and it's certainly not for Chromecast/Roku/AppleTV.
Many apps need to peer with a very short list of remote nodes. There are only some rare apps that need blanket network access to any other node. Maybe it's time for more permissions constraints to be applied?
Curiously, I have seen this prompt in apps that did not normally ask for this permission when I was on a captive network without having logged in. No idea why it was prompted, but could be related somehow?
There are two ways that the TikTok mobile app can be used to control the app running on a smart TV, android TV, roku, or whatever.<p>1) The app on the smart tv can connect to a command-and-control network in the cloud, which will make deranged HNers howl in disapproval.<p>2) The app on the phone can discover local devices it can control, which will make deranged HNers howl in disapproval.
Why does TikTok 'need' access to devices on your local network?<p>The intention from YouTube is obvious as they use it for Chromecast, but why does TikTok need this particular access? Have they disclosed this usage somewhere?<p>On top of that and continuing from [0], it seems that it is collecting even more things that you may not even know about [0]. Far worse than the other apps out there.<p>The purpose? The recommendation algorithm, of course. Otherwise, how else is it supposed to work?<p>To Downvoters: Lots of commenters here saying that TikTok does not support AirPlay or Chromecast. Since that can be ruled out, what is the intention of this permission and is it disclosed anywhere on why do they need such access?<p>I'm also assuming that you know why TikTok needs access to devices on your local network? Maybe you can elaborate on this?<p>[0] <a href="https://news.ycombinator.com/item?id=28137000" rel="nofollow">https://news.ycombinator.com/item?id=28137000</a>