Sunday afternoon thoughts :

As a parent to two daughters, I am always concerned about interactions with apps.  What data do these applications actually collect, are they safe for general use, etc.

Today I thought I would look at TikTok, a popular application.

(link https://en.wikipedia.org/wiki/TikTok)

I set about this task :

1. I setup my MacBook to share its WiFi connection to the LAN.
2. I reset an iPad
3. Connected to WiFi on MacBook from iPad
4. Downloaded the TikTok application
5. Ran packet capture during the setup of the account for TikTok

For a comparison I had one of my daughters use her iPhone/TikTok and captured that data as well.

While most of the transactions that occur with TikTok are in fact TLS, there are a couple of things when the application starts up that is not.

Do you see an issue with these?

What do you see that should be of concern?

In addition to these non-TLS packets of data, Whenever there is a a new video played, some or all of it is actually sent without TLS/SSL.

This is from 15 minutes of reviewing.  From first glance they use OpenUDID which I thought was closed down in 2015.