TikTok users have been warned of "excessive" data harvesting by the social media application in a new analysis.
Subscribe now for unlimited access.
or signup to continue reading
Cyber security company Internet 2.0 accused TikTok of being "a massive security flaw waiting to happen" in a report published on July 18.
"The ties that they [TikTok] have to Chinese parties and Chinese ISP's make it a very vulnerable source of data that still has more to be investigated. Data harvesting, tracking, fingerprinting, and user information occurs throughout the entire application," the report read.
The company analysed the source code of TikTok's Android application to determine what data the application was harvesting and where it was going.
One piece of code showed TikTok allegedly collects a phone's IMEI number, which identifies the phone, shows whether an application has been re-installed and even other applications on the device.
The company also found that 37.7 per cent of TikTok's known IP addresses were allegedly linked to Alibaba, an internet service provider based in Hangzhou, China.
Alibaba was the victim of a security breach which saw more than 1.1 billion pieces of user information being collected by a software developer in November, 2019.
The report concluded that "TikTok does an excessive amount of tracking on its users, and that the data collected is partially if not fully stored on Chinese servers with the ISP Alibaba".
Read More
Co-CEO of Internet 2.0 Robert Potter, who edited the report, said on Twitter they sent all of their research to TikTok for comment and verification.
"They [TikTok] refused to go on the record about the details of their China based infrastructure," Mr Potter wrote.
A TikTok spokesperson said Internet 2.0 has made "baseless claims" about the application, arguing the platform is "not unique in the amount of information it collects".
"TikTok user data is stored in Singapore and the US, and we have been clear and vocal about employing access controls like encryption and security monitoring to secure user data," the statement read.
"The IP address is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China."