Your applications, location, contacts, voicemail number and active subscriptions – this is just some of the information being collected from your phone via the TikTok app.
Canberra company Internet 2.0 recently released an analysis of the popular social media app, which found examples of “excessive data harvesting”.
Director Thomas Kenyon said they had been interested in the China-owned social media company for some time.
“In many ways, cyber is the frontline for international relations, and it is an increasingly hostile environment,” he said.
Given its explosion in popularity, Internet 2.0 wanted to find out exactly what was being collected about each of TikTok’s users.
“Kids use it and love it for a reason, but there’s a dark side to it that’s gone too far, and we need to sort it out,” Mr Kenyon said.
“We need to control the type of information they collect because we cannot control how they use it.”
The report found “overly intrusive” permissions and unnecessary device information collection which were not needed for the application to operate.
Mr Kenyon said while it was typical of social media apps to ask for certain permissions, TikTok turned data collection “all the way up to 11”.
“With a lot of the data they’re collecting, they’re either taking it to the extreme or it’s not needed,” he said.
“There’s no logical explanation for that except for data harvesting.”
TikTok has stated its user data was stored in Singapore and the US. However, the Internet 2.0 investigation found multiple subdomains around the world where data from the iOS (Apple) application could be sent, including Baishan in China.
“During analysis, we could not determine with high confidence the purpose for the China Server connection, or where user data is stored,” the report said.
“The subdomain connected to the ‘China server connection’ resolved in multiple locations around the world, including in China.
“Of note, only the iOS version had this mainland direct server connection. We could not find any direct server connections with mainland China in the Android version of the application.”
Mr Kenyon said while we may not consider our information valuable, the Chinese Government certainly did.
“Many of its users are young people … but as you get richer, you become more vulnerable as your career builds, your contacts build and these are all mapped in one place on your phone,” he said.
“The Chinese Government uses this to build a picture of Western society which they then try to attack, and you’re contributing to that.”
ANU National Security College senior fellow Katherine Mansted agreed we needed to exercise caution when using social media apps, with most users only aware of the “tip of the iceberg” of the data collected.
“Underneath, there is a huge amount of data we don’t realise we’re sharing,” she said.
“The sheer volume of data that can be collected in such opaque ways, we’ve never seen this before in human history.”
TikTok has been accused of deliberately using legal and political jargon to make it more difficult for users to know what data was being collected and how it could be used.
Ms Mansted pointed out some non-democratic countries, such as China, had laws that stated a company’s data had to be “handed over”.
“The code and intentions of the company often don’t matter,” she said.
“Regardless of whether it’s written into their policies, that data will be harvested. If it is accessible in China, then there’s always a problem there.”
Ms Mansted said the report highlighted how little access the general public had been given to what went into TikTok, and that while we may have originally believed we were passive users of technology, that excuse was no longer valid.
“We’re not in those times anymore. We need to make hard choices about what we use and how much data we’re giving away,” she said.
“Apps exist to data harvest at a large scale. Unless you’re paying for the app, it will be harvesting data about you, regardless of the privacy settings you choose.
“You might be using TikTok for your business or for fun, but the reality is everyone is potentially at risk.”
Ms Mansted said what this report had done was start a conversation about how much we really wanted social media apps to have access to our information.
While users may have innocent reasons for posting now, they couldn’t know what kind of privacy they would need in the future.
“You never know what digital breadcrumbs you are leaving behind, not just of yourself, but your friends and family,” Ms Mansted said.
And if you wanted to see a change in how social media apps treated our data? Vote with your fingers.
“Delete the app,” Ms Mansted said.
“Ultimately, consumers power these apps. They can exert their rights and push for a future they want, not the future the tech companies want for them.”
The Internet 2.0 report has been presented to a US Senate subcommittee investigating TikTok’s activity in America.