After being launched in the Chinese market in 2016 as “Douyin”, social networking service TikTok has become one of the world’s most recognizable app brands.
New estimates published this month suggest that TikTok could have as many as a billion monthly users, with around 100 million of those coming from the United States. It’s safe to say the product is already a phenomenon and wildly popular, especially among younger people, but not everyone is happy with its status.
Accusations of Privacy Breaches
Labeled a threat by the Trump administration due to its Chinese connections, TikTok has constantly found itself accused of siphoning off user data for use overseas. According to analysts, however, the software is no more intrusive than Facebook and Instagram. Which, of course, is a pretty low bar by most standards.
Nevertheless, many people simply do not trust TikTok, something which led to a coder known as ‘augustgl’ reverse-engineering the company’s Android app and publishing the resulting source code on developer platform GitHub.
Published to GitHub
“This project is a bit different from my other projects. TikTok is a data collection engine disguised as a social media platform. It’s legitimate spyware, so I thought I would reverse engineer the Android application,” wrote ‘augustgl’ on his now-removed Github repo.
The published source reportedly includes code dedicated to location tracking, phone calls, screenshots, WiFi networks, and facial recognition. None of these features appear to have sat particularly well with ‘augustgl’, who signed off with the message, “China, I’ll see you when you send the hitmen to my house.”
While that did not happen, at least as far as we know, TikTok did become aware that reverse-engineered source was being made available online. Unsurprisingly, the social media company then used copyright law to have it taken down.
DMCA Takedowns
“I am legal counsel to TikTok Inc., owner of the copyright that is the subject matter of this notification, and am authorized to act on the owner’s behalf,” the notice begins.
“The original copyrighted work is source code for the TikTok Android app. Github user augustgl appears to claim to have reverse engineered the app. He posted the code to the following GitHub repository: https://github.com/augustgl/tiktok_source.”
At the same time, TikTok asked GitHub to help clean up all the repositories that had forked the code. In total, 19 other repositories operated by other coders were handed DMCA takedown notices, with GitHub complying by taking each one down.
While TikTok may have believed it had cleaned up all instances of the reverse-engineered code, there was more work to be done. In a new notice filed this week, TikTok returned for a second sweep, targeting another five repositories that had forked the original, apparently after being notified by GitHub.
“The original copyrighted work is source code for the TikTok Android app. Github user [redacted, but almost certainly a reference to ‘augustgl’] appears to claim to have reverse engineered the app. We submitted a DMCA notification to GitHub previously, resulting in a takedown. GitHub subsequently notified us that the user still had forks posted,” the DMCA notice reads.
All of the offending repositories appear to have been removed following TikTok’s request, but the big question is whether anything surprising or insightful came from the published code, particularly in respect of the privacy and security allegations that have followed the company around in recent times.
TorrentFreak contacted ‘augustgl’ to discover what he’d found, if anything, but at the time of publishing he was yet to respond.