Applications, should Parents trust them?

Sunday afternoon thoughts :

As a parent to two daughters, I am always concerned about interactions with apps.  What data do these applications actually collect, are they safe for general use, etc.

Today I thought I would look at TikTok, a popular application.

(link https://en.wikipedia.org/wiki/TikTok)

I set about this task :

  1. I setup my MacBook to share its WiFi connection to the LAN.
  2. I reset an iPad
  3. Connected to WiFi on MacBook from iPad
  4. Downloaded the TikTok application
  5. Ran packet capture during the setup of the account for TikTok

For a comparison I had one of my daughters use her iPhone/TikTok and captured that data as well.

While most of the transactions that occur with TikTok are in fact TLS, there are a couple of things when the application starts up that is not.

Do you see an issue with these?

What do you see that should be of concern?

In addition to these non-TLS packets of data, Whenever there is a a new video played, some or all of it is actually sent without TLS/SSL.

This is from 15 minutes of reviewing.  From first glance they use OpenUDID which I thought was closed down in 2015.

 

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s