TikTok: Logs, Logs, Logs
--
We are in 2020 and the US president is about to ban TikTok, a video-sharing social network mobile app, because “it poses a risk to US national security”. At the same time, Microsoft started discussions on a potential TikTok purchase in the United States. TikTok has received a lot of media coverage lately, but how much of it is factual? This is what I will try to answer in this series of articles. Each article will answer a very specific question. It is time to put the facts back on the table.
Disclaimer
- TikTok offers plethora of features to their users thanks to its million of lines long code. As such, a single article can not cover a question as broad and vague as “does TikTok poses a threat to US national security?”. That’s why I’ll cover the matter over several articles all focused on specific subjects.
- My name is Baptiste Robert, I’m a French security researcher. I’ve been analysing mobile apps for years. You can find my public work at fs0c131y.com/press and my stupid tweets at twitter.com/fs0c131y.
- My goal here is to be totally transparent. I will share everything you need to double check what I wrote in this article.
- If you’d like to skip the technical details, a TL;DR is available at the end of the article.
I) Introduction
On August 2, 2020, I started to analyse TikTok and tweeted about it.
Few minutes after this tweet, one of my followers commented.
We discussed by private messages and he explained me the issue. He listened to the network requests made by TikTok and noticed that a request was made every 2 minutes. However, the content was encrypted and he was unable to decrypt it.
