Tag Archives: ByteDance

Former exec: China has backdoor access to TikTok data!

A former top ByteDance executive is alleging that China has backdoor access to all TikTok data!

 

Former Exec : China Has Backdoor Access To TikTok Data!

A former top executive at ByteDance, TikTok’s parent company, has just claimed that it built a “backdoor channel” in its code to allow the Chinese Communist Party (CCP) supreme access to user data in TikTok.

This revelation came as part of the lawsuit that Roger Yu Yintao filed against ByteDance for wrongful termination from his job as head of engineering in the United States. He says he worked there from August 2017 till November 2018.

In his lawsuit filed on May 12 at the San Francisco Superior Court, Roger Yu alleges that he was fired from his job for his “observation and reporting of illegal conduct” at ByteDance to his supervisors.

He said he observed ByteDance being “responsive to the CCP’s requests” to share, elevate, or even remove content, describing the company as “a useful propaganda tool for the Chinese Communist Party”, and as engaged in a “culture of lawlessness”.

More shockingly, he claimed that the CCP has a special office in ByteDance, sometimes referred to as the “Committee”. Its task was allegedly to monitor ByteDance, and advise it on how to advance “core Communist values”.

He also claimed that the CCP “Committee” can demote content it viewed as unfavourable to China’s interests, and even has a “death switch” to turn off Chinese versions of its apps.

Roger Yu also claimed that he “saw the backdoor channel in the code”. If true, such a backdoor would give China and the CCP government unfettered access to all data in TikTok, no matter where the data is located.

The Committee maintained supreme access to all the company data, even data stored in the United States.


Roger Yu Yintao (left) and ByteDance founder, Zhang Yiming, at ByteDance, 2015

Allegedly, ByteDance was “aware that if the Chinese government’s backdoor was removed from the international / US version of the app, the Chinese government would, it feared, ban the company’s valuable Chinese-version apps”.

Roger Yu also accused ByteDance of scraping data from its competitors, mainly Instagram and Snapchat, without users’ permission. He claimed that ByteDance used software to “systematically” collect videos from its competitors, and repost them to its own platform using fake accounts, without their creators’ permission.

 

ByteDance Denies Allegations Of Backdoor Access For China

A ByteDance spokesperson has denied the allegations laid out in Roger Yu Yintao’s lawsuit, claiming that he only worked for a short time on an unrelated app called Flipagram, which was discontinued for business reasons.

We plan to vigorously oppose what we believe are baseless claims and allegations in this complaint.

Mr. Yu worked for ByteDance Inc. for less than a year and his employment ended in July 2018.

According to earlier reporting of Roger Yu Yintao’s lawsuit, he realised soon after he began his job that ByteDance had been engaged for years in a “worldwide scheme” to steal and profit from content created on other platforms.

In response to those allegations, the ByteDance spokesperson said that the company is “committed to respecting the intellectual property of other companies, and we acquire data in accordance with industry practices and our global policy.”

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


Australia To Ban TikTok On Official Devices!

Australia just announced that it would join other Western countries in banning TikTok on official devices!

 

Australia To Ban TikTok On Official Devices!

On 4 April 2023, Attorney-General Mark Dreyfus announced that Australia will ban TikTok on official devices, “as soon as practicable”.

Dreyfus said that the decision was taken “after receiving advice from intelligence and security agencies”.

The direction will come into effect as soon as practicable. Exemptions will only be granted on a case-by-case basis and with appropriate security mitigations in place.

Australia also made changes to its Protective Security Policy Framework (PSPF), noting that TikTok poses a security threat due to its data collection practices.

The TikTok application poses significant security and privacy risks to non-corporate Commonwealth entities arising from an extensive collection of user data and exposure to extrajudicial directions from a foreign government that conflicts with Australian law.

The Australian government, however, said that it will allow the use of TikTok for “a legitimate business reason”, and on a separate “standalone device”. This move came after a security review of social media apps, including TikTok, was submitted to the Australian government last month.

Before this announcement, over half of all Australian federal government agencies had already banned TikTok on official devices. With this decision, the ban is applied consistently across the Australian government and brings Australia in line with New Zealand, and other Five Eyes member countries like the United States, the United Kingdom, and Canada, in banning TikTok on official devices. Norway, the European Parliament and NATO also banned TikTok on official devices.


 

TikTok Calls Decision Driven By Politics, Not Fact

Before the ban of TikTok on government devices was announced, TikTok Australia and New Zealand’s Lee Hunter said that the decision was “driven by politics, not fact”.

There is no evidence to suggest that TikTok is in any way a security risk to Australians and should not be treated differently to other social media platforms.

Our millions of Australian users deserve a government which makes decisions based upon facts and who treats all businesses fairly, regardless of country of origin.

TikTok maintains that there is no evidence to suggest that its app posed a security risk.

In June 2022, TikTok was accused of allowing its engineers in Beijing to repeatedly access private user data outside of China! Two years earlier, in June 2020, TikTok was even caught spying on what its users typed in other apps, and accused of being malware.

However, there has been no concrete evidence that TikTok contained the kind of sophisticated malware that was recently discovered in the popular Chinese app, Pinduoduo.


FCC Commissioner Asks Apple + Google To Remove TikTok!

FCC Commissioner Brendan Carr just publicly asked Apple and Google to remove TikTok from their app stores!

Here is what you need to know about the renewed heat on TikTok!

 

FCC Commissioner Asks Apple + Google To Remove TikTok!

On June 29, 2022, FCC Commissioner Brendan Carr publicly called on Apple and Google to remove TikTok from their app stores.

This move came after leaked TikTok audio recordings obtained by Buzzfeed News revealed that ByteDance staff in China (and possibly the Chinese government) retained extensive access to data on US citizens.


In his public letter to Apple CEO Tim Cook, and Google CEO Sundar Pichai, the FCC Commissioner asked that TikTok be removed for “its pattern of surreptitious data practices”.

It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.

But it is also clear that TikTok’s pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. user data – just some of which is detailed below – puts it out of compliance with the policies that both of your companies require every app to adhere to as a condition of remaining available on your app stores.

Therefore, I am requesting that you apply the plain text of your app store policies to TikTok and remove it from your app stores for failure to abide by those terms.

FCC Commissioner Carr also labelled TikTok as a “sophisticated surveillance tool” that is designed to harvest “personal and sensitive data”.

At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.

Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints – which researchers have said might be used in unrelated facial recognition technology – and voiceprints.

It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. The list of personal and sensitive data it collects goes on from there.

This should come as no surprise, however. Within its own borders, the PRC has developed some of the most invasive and omnipresent surveillance capabilities in the world to maintain authoritarian control.

Carr ended his letter with an “ultimatum” of sorts – if Apple and Google do not remove TikTok from their app stores, they need to provide “separate responses” to him by July 8, 2022, explaining why TikTok does not contravene their App Store policies.

As of June 30, 2022, TikTok is still available to download in the US app stores of both Apple and Google.

If Apple and Google act on the FCC Commissioner’s request, TikTok will only be removed from their US app stores. It won’t affect downloads in other countries.

Neither would it prevent users in the US from continuing to use TikTok. They just won’t be able to download it any longer, or update to newer versions.

 

FCC Commissioner Lists History Of TikTok Data Practices!

While the leaked TikTok audio recordings may have precipitated this open letter to Apple and Google, FCC Commissioner Carr pointed to a list of questionable data practices by TikTok in the past.

The list makes for really interesting reading, especially for those who are not up to date on TikTok’s privacy and data security issues :

  • In August 2020, TikTok circumvented a privacy safeguard in Google’s Android operating system to obtain data that allowed it to track users online.
  • In March 2020, researchers discovered that TikTok, through its app in the Apple App Store, was accessing users’ most sensitive data, including passwords, cryptocurrency wallet addresses, and personal messages.
  • In 2021, TikTok agreed to pay $92 million to settle lawsuits alleging that the app “clandestinely vacuumed up and transferred to servers in China (and to other servers accessible from within China) vast quantities of private and personally identifiable user data and content that could be employed to identify, profile, and track the physical and digital location and activities of United States users now and in the future.”
  • In March 2022, a report included current and former TikTok employees stating in interviews that TikTok delegates key decisions to ByteDance officials in Beijing and that an employee was asked to enter sensitive information into a .cn domain, which is the top-level domain operated by the Chinese government’s Ministry of Industry and Information Technology.
  • Earlier, in 2019, TikTok paid $5.7 million to settle Federal Trade Commission allegations that its predecessor app illegally collected personal data on children under the age of 13.
  • India – the world’s largest democracy – has already banned TikTok on national security grounds for stealing and surreptitiously transmitting user data in an unauthorized manner.
  • Multiple U.S. military branches have also banned TikTok from government-issued devices due to national security risks, including the Navy, Army, Air Force, Coast Guard, and Marine Corps.
  • U.S. government officials have also urged troops and their dependents to erase the app from their personal phones.
  • U.S. national security agencies have similarly banned TikTok from official devices citing national security risks, including the Department of Defense, Department of Homeland Security, and the TSA.
  • The RNC and DNC have warned campaigns about using TikTok based on security concerns and the threat of officials in Beijing accessing sensitive data.
  • Citing data security concerns, private U.S. business operations have also banned TikTok from company devices, including Wells Fargo.
  • Once accessed by personnel in Beijing, there is no check on the CCP using the extensive, private, and sensitive data about U.S. users for espionage activities because compliance with the PRC’s 2017 National Intelligence law is mandatory in China.

 


TikTok Leak : China Repeatedly Accessed Private User Data!

Leaked audio from internal TikTok meetings shows that private user data has been repeatedly accessed from China!

Here is what you need to know…

 

Privacy Promise By TikTok : Overseas Data Stored In US + Singapore

For many years now, TikTok has repeatedly assured users that all data collected from users outside of China stays out of China, and is thus not accessible to anyone in China.

To ensure that the Chinese government has no access to the data, one of the measures they took was to store all data collected overseas in servers located in the United States, with backups in Singapore.

This was explicitly stated in their New Privacy Policy :

We store the information described in the What Information We Collect section in servers located in the United States and Singapore.

Most people may not realise this, but they also added a caveat right after that, stating that their Corporate Group (in China) may remotely access the data…

When entities in our Corporate Group need information to help us provide the Platform, they remotely access the information pursuant to authorised and secure access controls.

 

TikTok Leak : China Repeatedly Accessed Private User Data!

Buzzfeed News recently received audio recordings from more than eighty (80) internal TikTok meetings, in which employees admitted that engineers in China accessed private user data.

This was despite a TikTok executive’s sworn testimony at an October 2021 US Senate hearing, in the same time period, that a “world-renowned, US-based security team” decides who gets access to the private user data.

Instead, the leaked audio revealed that US staff did not have permission or knowledge of how to access the data. Rather, it was their colleagues in China who determined how and who accessed the private user data.

The leaked tapes ultimately show that TikTok may have misled lawmakers, users, and the public by downplaying the fact that their private data is readily accessible by employees in China, and potentially, the Chinese government.

Everything Is Seen In China

Eight different employees stated in nine statements that they had to refer to their colleagues in China to make those decisions.

“Everything is seen in China”, said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

In another September 2021 meeting, a TikTok director referred to a Beijing-based engineer as a “Master Admin” who “has access to everything”.

There’s Some Backdoor To Access User Data…

Fourteen of the leaked audio recordings were with, or about, a team of Booz Allen Hamilton consultants that TikTok brought in to investigate how data flows through TikTok and ByteDance’s internal tools.

In September 2021, one Booz Allen Hamilton consultant told colleagues that the tools felt like they had backdoors to access user data :

I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting.

Oracle Only Providing Storage For Project Texas

TikTok has been working on what they call Project Texas – securely storing overseas data in Oracle cloud servers to comply with CFIUS (Committee on Foreign Investment in the United States).

Project Texas is limited to protecting the private information of US users, like phone numbers and birthdays – details that are not publicly visible, or have been set to private.

Such data will be stored at an Oracle datacenter in Texas – hence the name, and would only be accessible to specific US-based TikTok employees.

However, TikTok’s head of global cyber and data defense made clear that Oracle was only providing the data storage space for Project Texas. Ultimately, TikTok would be setting up the servers, and controlling everything.

It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our VMs [virtual machines] on top of it.

Unique IDs Not Protected Information

In one of the leaked audio recordings from a January 2022 meeting, TikTok’s head of product and user operations announced with a laugh that the Unique ID (UID) will not be amongst the protected content under the CFIUS agreement.

The conversation continues to evolve. We recently found out that UIDs are things we can have access to, which changes the game a bit.

Other Data Not Stored On Oracle Servers

The problem with Project Texas is that it only addresses US users… and only a small subset of their data.

Everything else – including private user data from non-US countries – will stay in their US and Singapore servers that remain accessible to ByteDance’s Beijing offices.

 

Response By TikTok : 100% US Data Traffic Routed To Oracle

TikTok publicly announced on the same day – June 17, 2022 – that it changed the “default storage location of US user data”, and that “100% of US user traffic is being routed to Oracle Cloud Infrastructure”.

Although they “expect” to fully pivot to Oracle cloud servers located in the US, they will continue to use their existing US and Singapore servers for backup, and delete US users’ private data over time.

While this may address some of the privacy concerns for US users, it does not address the other privacy concerns revealed in the leaked audio recordings… or the privacy concerns of non-US users.

 
