I enjoy TikTok videos from time to time. Many of us do. Lately I’ve been watching videos about camping in the snow. Don’t ask me why, but I like them.

TikTok sure is in the news a lot lately and I started wondering what all the fuss is about. It turns out it’s not so new.

Back in 2016, Quokka’s security research team discovered that the best selling phone on Amazon had a hidden Chinese backdoor and, through that, data was being sent to China without its users knowing. You can read more about that discovery in this article.

In a nutshell, it turns out that some vendors of devices (think mobile phones) allow apps like TikTok to be pre-installed as so-called “system apps”. These apps get a ton of special privileges, allowing them to do things on your device without you even knowing or, sometimes, even having the chance to turn those things off. With these permissions, the app can do things like track your location, know who you’ve talked to, what you say in your text messages, and more. Here’s another article from a couple of years ago where our team (formerly known as Kryptowire) shared some technical details.  

These are some of the things that have various governments concerned and this is why TikTok may be banned in some countries. Once the data goes to China, it isn’t clear whether it is used purely for advertising or for government purposes. 

But wait…there’s more…our recent research found that TikTok is basically using other apps on the phone to get to all of your notifications. At first you might think “So what? Who cares?” But think about what’s in your notifications: your navigation data, your calendar, your emails, your texts/signal/telegram messages and so on! And it’s all decrypted too!!! Wow! By using a second app to get this information, most users wouldn’t even be aware that TikTok was getting this data. 

At Quokka, we focus on understanding these kinds of situations not just at the individual app level, but also how apps work together (even if they don’t know it) to collude and potentially do bad things. That’s why we offer our Q-MAST platform (individual apps) and our new Q-Scout platform (sets of apps on a given device). 

Our goal is to make you aware and put you into the decision loop so you can decide what happens with your data and your private business and not the other way around. Protection without intrusion.

To learn more about us for you and your business, come check us out at quokka.io! 

Now I’ve got to go look for some cute cat videos!!!