Analysis of the TikTok app revealed references to Chinese servers in the code, which was subsequently removed in an update.
Two security researchers have given very different perspectives on whether or not this raises any privacy concerns …
The New York Times reports.
TikTok itself said that the code was removed as part of a clean-up of unused features, but didn’t elaborate on its purpose. The company did say that it has not shared data with the Chinese government.
Disconnect, a San Francisco security firm, analyzed the code of the TikTok app for iOS. In July, the app’s code contained references to servers in China. Last weekend, Disconnect reviewed the app’s latest version and saw that the lines of code referring to Chinese servers had been removed.
Patrick Jackson, the chief technology officer of Disconnect, said that while he did not witness any data transmission by the app to Chinese server computers, he found the existence and subsequent removal of the code suspicious.
But Sinan Eren, the chief executive of Fyde, a security firm in Palo Alto, Calif., said the references to servers in China did not alarm him. Plenty of apps have legitimate reasons for relying on some Chinese servers — for example, if they have users in Asian countries and want to stream video to them quickly in a cost-effective manner.
“It’s not realistic for anybody to say that they’re not going to use any Chinese servers, ever,” Mr. Eren said.
TikTok was one of a number of apps recently found to be reading user clipboards. The company said then that this was for an anti-spam feature, but promised it would be removed in a future update. Other big-name apps found to be doing the same thing include LinkedIn and Reddit. The former said it was a bug, the latter a feature designed to read URLs and suggest post titles.
TikTok confirmed in a new blog post today that it removed the code.
The app is currently facing a ban on use in the US unless it is sold to a US company, with Microsoft the lead bidder.
Earlier this year […] we saw speculation about clipboard access that we believe posed no actual risk, but appreciated that there was concern. We immediately took steps to reduce clipboard access – even though information was never leaving a user’s device and was consistent with the behavior of what other apps, including most news media apps, were doing.
We believe it is more important to provide peace of mind to our community than to provide marginal functionality of a feature, or give convenience to a user or engineer. In line with this, we continue to work on similar efforts around cleaning up inactive code in the app to reduce potential confusion or misconceptions.
