TikTok said, “We have contacted OAIC who we are now in correspondence with. Given the many inaccuracies and errors in the Internet 2.0 report, we look forward to providing a clearer and more accurate picture to the Commissioner.
Internet 2.0 responded by saying, “We have reviewed TikTok’s claims regarding our research and found that they contradict their own privacy policies and source code.”
“As a result, we believe TikTok should be more open with researchers and journalists. Our research, on the other hand, is open to external scrutiny and our work is held in the highest regard by our peers in the field.
Internet 2.0 analysis also revealed that TikTok polls the Android device’s GPS location at least once every hour and found that it requests access to users’ contacts. If the user denies the request, Internet 2.0 indicates that the user is continuously polled in a loop until access is granted.
“It is normal for an app to initially request access to contacts, but TikTok’s persistent and endless harassment for access to users’ contacts is abnormal. This reflects a culture that does not prioritize privacy or to a user’s privacy preferences,” the report said.
Internet 2.0 analysis also revealed that TikTok collected a range of device information. However, the social media company denied some of these findings.
“Internet 2.0 distorts the amount of data we collect. For example, we do not collect the user’s device IMEI, SIM card serial number, active subscription information, or IC card ID number. We don’t have automatic clipboard access, although it can be initiated by a user,” TikTok said.
“Unlike other apps, we don’t collect precise GPS location, but use approximate location information like IP addresses to make general inferences that help us comply with local laws in the markets we operate in. This also helps us support fraud prevention and detection, and prevent inauthentic spam or bot-like behavior on our platform.”
Liberal Senator James Paterson said he welcomes the independent OAIC’s move to investigate TikTok.
“It is recognition that the recently revealed privacy and cybersecurity issues are serious. But we also need the Albanian government to step in and act – these problems will not solve themselves,” he said.
Social media apps, in general, collect massive amounts of data, deemed unnecessary by many privacy experts, largely to profit from engagement and the sale of targeted ads. For example, Facebook Messenger was singled out by OpenDemocracy for its excessive data collection, which included name, email, location, user ID, iMessage, photos and videos, health and fitness, etc.
However, earlier this month, the Financial analysis revealed that TikTok, in a letter to Senator Paterson, admitted that Australian user data could be viewed by staff in mainland China.
Although the social media company’s executives have stressed that strict protocols overseen by its US security team tightly restrict access as needed, politicians and security experts remain concerned about the security of such information.
Indeed, reports and research on ties between ByteDance, TikTok’s parent company, and the Chinese Communist Party, the spread of propaganda and censorship, as well as China’s 2017 National Intelligence Law, which mandates organizations and citizens to “support, assist and cooperate with the intelligence work of the state”.