TikTok no worse than Facebook for privacy, says Citizen Lab (although Chinese TikTok is a horror)
App has common code base for three versions: one global edition; one for south-east Asian; one for China
TikTok is likely no more of a threat to users than Facebook, according to an analysis by academic research group Citizen Lab that analyzed the video-sharing social networking service’s app to probe for security, privacy and censorship issues.
The report was published online on March 22 by the University of Toronto Lab, which focuses on civil digital threats and high-level policy engagement. The authors considered both TikTok - the app available outside China - and Douyin, the Chinese version of TikTok.
TikTok has a bad reputation that saw it land in court over privacy concerns and eventually settle for under $100m to put multiple privacy-related class actions to bed.
The app was also banned by the Trump administration over concerns about ByteDance’s data collection policies that were branded a national security threat. Amid an escalating trade war with China, the administration asserted that the app collected data and fed it to the Chinese Communist Party. India, Pakistan, Indonesia and Bangladesh also had concerns and banned the app with varying degrees of success.
“Despite these actions, there has been limited technical research on TikTok. Even less attention has been given to Douyin, the version of TikTok made for the Chinese market,” Citizen Lab said in an FAQ accompanying of the report.
Biden administration pauses pursuit of TikTok and WeChatREAD MORE
In China, app developers are liable for content hosted on their platforms causing them to filter more aggressively in line with government guidelines, including those that restrict free speech. Separate versions of the app make sense to comply with individual country regulations.
The report found that neither TikTok nor Douyin displayed any malware-like behaviour. While Douyin does contain dynamic code loading and server-side search censorship, TikTok does not contain comparable features. Both apps have source code that restricts hate speech, suicide-related content and sensitive information. Douyin restricts some political terms in search, but it is inconclusive as to whether TikTok censors any political content. Douyin also collects more device information and some usage patterns, which are stored internal to the company and sometimes shared with other Chinese companies.
TikTok and Douyin share much of their source code, leaving Citizen Lab to speculate one code base is modified to meet country regulations and market needs.
Citizen Lab further revealed that there is a separate version of the TikTok app for East and Southeast Asia, suggesting an emphasis on the region.
“In TikTok, the end result of customizing the common code base seems to create a product that largely follows international industry norms, as we have not found any undesirable features like the ones in Douyin, nor strong deviations of privacy, security and censorship practices when compared to TikTok’s competitors, like Facebook,” Citizen Lab's report says.
The research group pointed out that not finding evidence of privacy concern does not mean there are none, as customizations could be intentionally or unintentionally modified.
“We are concerned with the possibility where TikTok’s server-returned configuration values could enable those dormant code written for Douyin, which might lead to China-specific features being enabled,” said the report.