RSS
Translated by

TikTok

Product
Developers: ByteDance
Branches: Internet services

Content

TikTok is social network which allows to shoot musical videos, to conduct the airs and to communicate. The platform became the leader in the Chinese market and enjoys popularity in many countries of the world, including in the USA.

Audience

Where TikTok was loaded most of all, for June, 2020

2020

Pavel Durov passed an opinion on possible prohibition of TikTok in the USA

  • "China prohibits practically all non Chinese social media applications in the territory. If you want to get access to the markets of other countries, you also should open for them the market — it would be fair";
  • "war" of the USA against TikTok creates a dangerous precedent, "which finally can kill the Internet as really global network (or what from it remained)";
  • "The USA for decades acted as defenders of freedom of trade and freedom of speech, but now when China began to replace them as the main beneficiary of world trade, as the USA (or, at least, the Trump's administration), it seems, began to treat less enthusiastically these values";
  • "the problem with case of the USA and TikTok is that it legalizes the racketing tactics which was earlier applied only by authoritarian regimes";
  • "soon each big country, most likely, will use "national security" as a pretext for split of the international technology companies. And on a twist of fate American companies, such as Facebook or Google, most likely, from effects will lose most of all"

Intention of Microsoft to purchase business of TikTok in the USA and some other countries

On August 3, 2020 it became known that Microsoft conducts preliminary negotiations on purchase of the platform of short videos of TikTok in the USA and some other countries several days later after the Trump's Administration threatened to prohibit this popular service.

TikTok

Microsoft reported that it "within several weeks" will begin discussion of the transaction with parent company, the Chinese ByteDance, expecting to complete negotiations by September 15, 2020, and meanwhile to continue dialog with the government of the United States, including the President.

In the blog of the company it is said that the general manager Satya Nadella and the President Donald Trump discussed this transaction after Trump's Administration expressed concerns in view of accessory of social network to the Chinese side.

Microsoft reported that both parties discussed the possible transaction which assumes purchase of TikTok service in the USA, Canada, Australia and New Zealand therefore Microsoft will become the owner and TikTok operator in these markets. Microsoft reported also that it can recruit other concerned parties in the USA in this transaction as minority investors.

File:Aquote1.png
This structure will save the existing conveniences and possibilities of TikTok which were so fallen in love to users, having added to them security, a privacy and protection of world-class digital contentMicrosoft writes.
File:Aquote2.png

File:Aquote1.png
Among other things, Microsoft will provide that all personal data of the American users of TikTok will be transferred to the USA and will remain in the United States, said in the blog. — Microsoft will provide that all these data — in that measure in what they are stored or reserved for borders of the United States — will be deleted from servers outside the country after their transfer.
File:Aquote2.png

News about the possible transaction with TikTok appeared on July 31, 2020 when the reporter of Fox Business Charles Gasparino wrote on twitter that he confirmed sources in the investment sphere to it that Microsoft is "in negotiations on purchase" business of TikTok in the USA.

The committee on the foreign investments in the USA (CFIUS) conducts investigation concerning parent company TikTok, ByteDance, since fall of 2019 against the background of concerns that [[the Government of China | the Chinese government]] can use TikTok for collection of data on the American citizens, reported Bloomberg. The committee is concerned by also possible purchase of the operations TikTok in the USA by Microsoft company, writes Gasparino in the tweet.

In former times Microsoft was strongly focused on consumer market, but in recent years under the leadership of Satya Nadella displaced a sight on service of business users. And in June, 2020 Microsoft announced that it completely will close all the salons of retail sales worldwide[1].

Video service of TikTok is estimated at $50 billion

On July 29, 2020 it became known that the investors of ByteDance company, parent for TikTok, considering the possibility of acquisition of popular video service estimate the application at $50 billion. This amount considerably exceeds indicators of competitors, in particular Snapchat.

According to the Reuters agency, the Chinese company ByteDance considers several options of further development of TikTok service. Because of pressure of the USA which government does not hide the concerns concerning personal data protection of users and also because of the trade conflict between the states there is a risk that, ByteDance will be included in the black list of the USA. It means that inhabitants will not be able to use also TikTok any more which allows to create short videos with different special effects.

The American investors estimated TikTok at $50 billion

In the publication it is said that in order to avoid TikTok blocking some American investors, in particular General Atlantic and Sequoia, suggested ByteDance to sell TikTok controlling stake for $50 billion. This amount of 50 times exceeds the predicted profit in 2020 which is expected at the level of $1 billion. For comparison, according to analysts of Refinitiv, Snapchat is estimated at $33 billion that is 15 times higher than the predicted revenue in 2020.

Not clearly, whether the founder and the CEO of ByteDance Imin Zhang will agree to the proposal of investors. However, according to messages of Reuters, company executives discussed recently forecasts for assessment of TikTok which exceed $50 billion.

TikTok actively develops and its management expects to gain income in $6 billion in 2021. It is also known that ByteDance to which belong in addition to TikTok also its Chinese analog Douyin and also some other services, sets the purpose for 2020 to gain income about 200 billion yuans ($28 billion).[2]

Senators of the USA are concerned by possible use of TikTok for influence on elections-2020

The group of the American republican senators strengthens pressure upon TikTok, having asked the Trump's administration to estimate threat of possible use of this popular application by China for intervention in the American elections[3].

File:Aquote1.png
"We are very concerned by the fact that (Communist Party of China) can use the control over TikTok [...], to seed contention among Americans and to achieve political results, preferable to China" — legislators in the letter to offices of the director of the National intelligence, the minister of internal security and the director of FBI said.
File:Aquote2.png

Earlier the head of administration of the White House Mark Meadows said that the administration considers measures concerning the Chinese applications TikTok, WeChat and others which can be undertaken in the next weeks.

File:Aquote1.png
"There is a number of officials of administration who consider the risk for national security connected with TikTok, WeChat and other applications which can potentially undermine national security, especially as for collection of information about the American citizens by the foreign opponent" — Meadows told journalists.
File:Aquote2.png

File:Aquote1.png
"I do not think that there is some fixed term for actions, but I think that we look at weeks, but not for months" — he added.
File:Aquote2.png

The intention to close TikTok in the USA was expressed also by the Secretary of State Mike Pompeo.

The campaign headquarters of the candidate for president from Democratic party Joe Biden demanded from employees to delete this application from all the devices.

Amazon urged employees to delete the TikTok application because of security concerns

In the middle of July, 2020 Amazon urged employees to delete the TikTok application because of security concerns. Employees had to delete the application from mobile devices which have access to corporate e-mail of the company, by July 10. However later the company reported to media that the e-mail was sent by mistake and actually does not change the policy of the company for TikTok.

File:Aquote1.png
If on your device there is a TikTok application, you should delete it till July 10 to save mobile access to e-mail Amazon — it was said in mailing. — Now use of service TikTok via the browser on notebooks of Amazon is authorized.
File:Aquote2.png

Amazon urged employees to delete the TikTok application because of security concerns

Possibly, this step was caused by the fact that TikTok belongs to the ByteDance company which is based in Beijing and therefore is under close attention of Washington. Political figures of the USA are concerned by communications of TikTok with the government of China and access to user data from public servants.

On Monday the Secretary of State Mike Pompeo said that the USA considers the possibility of prohibition of TikTok. He also warned that, downloading the application, users risk to give the "personal information in a charge of the Communist Party of China". Nevertheless, the TikTok company states that it stores data of the American users on the servers located in the USA and Singapore, and data processing centers are located outside China.

The representative reported that the company appreciates security and confidentiality of users, and added that Amazon was not informed by TikTok on the solution before mailing of messages.

File:Aquote1.png
We still do not understand their concerns, but we welcome dialog and are ready to solve any arisen problems together with a command of Amazon.[4]
File:Aquote2.png

Charge of data transmission of users from India to the authorities of China

On July 2, 2020 it became known that the TikTok application observes the legislation of India and does not transfer data of users to the authorities of the foreign states, including China.

TikTok

Earlier in India blocked nearly 60 Chinese applications as they allegedly cause damage to sovereignty and security of the country. According to Sensor Tower company, India is the leader in quantity of installed applications of TikTok — 611 million loadings (30.3% in the world). Blocking of applications happened against the background of the anti-Chinese moods. Between New Delhi and Beijing territorial disputes escalated. In May, 2020 there were collisions on the allied territory Ladakh, about 100 soldiers on both sides were wounded. In the night of June 16, 2020 there were collisions[5] again[6].

The appeal to a clipboard each several seconds "for security"

On June 26, 2020 it became known that the Apple company implemented in iOS of 14 additional notices warning users if any application gets access to a clipboard. As it appeared, many applications "sin" with similar behavior. Access to a clipboard is really necessary for some services for work, however the others get access just like that, without the visible reasons.

One of the applications getting data access in a clipboard on IOS-DEVICES is TikTok. According to developers, thus TikTok spam-protects users. Nevertheless, this mechanism of security, unclear how exactly works. As developers of the application reported, function is intended for identification repeating spam activity.

As Jeremy Burge from Emojipedia noted, at text typing TikTok addresses a clipboard of times in several seconds.

File:Aquote1.png
Well, TikTok gets data from a clipboard through each 1-3 lines. iOS 14 informs on it using the notifications. Why TikTok needs to check a clipboard (and to cause notifications) through each 1-3 lines, unclear. It can be explained with bad implementation of a framework. Or something more harmful, - Burzhe on the Twitter wrote.
File:Aquote2.png

When the public knew of strange behavior of TikTok, "for the avoidance of doubt" his developers expressed the intention to remove an antispam function future updating. The latest version of the application for June, 2020 undergoes process of approval for the publication in App Store TikTok[7].

The vulnerability allowing to get access to others accounts and to manipulate their content

On January 9, 2020 it became known that specialists of Check Point company published the report on serious vulnerabilities in the TikTok supplement. With their help malefactors could not only abduct data of users, but also manipulate their statuses in a profile and video.

In particular, vulnerabilities allowed to get access to others accounts and to manipulate their content, to delete and load video, to do the hidden videos visible for all and to disclose the personal information saved in the account (for example, the e-mail address).

During the research of security of the application experts found out that the website TikTok allows to send Sms to any phone numbers on its own behalf. The malefactor can perform spoofing of the message, having changed the download_url parameter in the intercepted HTTP request, to insert any, including harmful, the link and to send it to the user on behalf of the TikTok command.

The malefactor can perform reengineering of the counterfeit link and send TikTok requests together with cookie-files of the victim. Here other vulnerabilities detected by researchers can be exploited. Even without cross-site counterfeit of requests the malefactor can execute the JavaScript-code and make actions on behalf of the user. Using a combination of POST-and GET requests attacking can change privacy settings of the hidden videos, create rollers and publish them in an account of the victim.

Accomplishment of the JavaScript-code also allows to obtain personal information of the victim through the existing API calls, however for this purpose attacking at first it is necessary to bypass mechanisms of security of SOP (the rule of restriction of the domain) and CORS (sharing of resources between different sources).

The developer of the application corrected vulnerabilities before the publication of the report of researchers[8].

Links

Link to service

Notes