TikTok privacy insights via reverse engineering - Mobile Privacy Briefing 2023.084

On the more technical side, my friend Sebas creates a curated weekly summary of security (and other) topics in the Security Pills Newsletter. In Issue 27, he linked to an interesting technical write up of the great lengths TikTok has gone to obfuscate how their code works and in particular related to the sensitive personal data collected (shout our to vetias at nullpt.rs for the excellent re work and write up).

While the excellent article is highly technical, you can quickly scan it to see both the level of sophistication in their obfuscation as well as how much sensitive data is collected, creating precise fingerprints of users and their devices.

Importantly, the dynamic nature of implementing this backend system means that changes can be easily made and outside the purview of nearly everyone. There are far reaching implications for this including:

If you want to read a fascinating article on how the major advertising platforms abuse their users and customers, definitely check out Cory Doctorow’s “The ‘Enshittification’ of TikTok - Or how, exactly, platforms die.