The Australian-American cybersecurity firm which revealed the extent of TikTok’s data collection last year says the social media company has expanded the location information it collects to include altitude, which could indicate on which floor of a building a user is located.
Last year, Internet 2.0 published a study of the data TikTok attempts to collect from users’ devices, including contact lists and calendars, as well as hard drive scanning and device geolocation. hours.
At the time, TikTok called the report “unsubstantiated” and noted that it was no different from data collected by other social media apps.
Following the report, several Western countries, including Australia, banned the use of the app on government devices, fearing the possibility that the Chinese government could access the data under national security law.
On Thursday, Internet 2.0 director David Robinson told a hearing of Australia’s Senate committee on foreign influence on social media that TikTok had never directly addressed the issues his company raised in the report. .
“(TikTok) never came back to us again to discuss issues with the data and its source code,” he said. “So it’s your word against the source code.”
“They insulted us. They said we don’t understand what the code is. But they never contacted us again to clarify or quantify their position.”
He noted that the company had done another analysis of the updated source code and found that in addition to the latitude and longitude data it was getting from a user’s device, the app was now looking for elevation information.
“So if you’re in a tall building, now they can tell what floor you’re on,” Robinson explained. “And it wasn’t in your code until last year.”
A TikTok spokesperson disputed that claim, noting that GPS data was not collected in Australia and is only collected overseas when users allow it.
“We do not collect GPS location data from users in Australia, nor do we ask permission to do so,” he said. “To clarify, in other regions where a user has enabled and grants access to location services, TikTok collects this information based on the device’s GPS data.”
The spokesperson commented that Internet 2.0 admits that their analysis “is inconclusive and does not include a detailed review of the source code, which they believe is the best way to assess data collection practices. “.
“What has been presented are misleading and inconsistent results based on flawed and biased analysis that lacked any real depth.”
Robinson noted that in other apps where Internet 2.0 has parsed source code — like Telegram and Proton — companies have explained their codes or provided additional proof of what the code does. He noted that TikTok has never approached the issue this way.
“Nobody is perfect,” he commented. “But to be honest and say, ‘Yeah, we had a problem. We didn’t know it, we’re checking it, we’re fixing it,” this is normal and trustworthy behavior, in our opinion.”
“However, for them to insult us and never, ever, ever show their code and explain it, I don’t trust them.”
The hearing will continue on Friday.