TikTok commissioned a report from an Aussie tech academic to assess the platform’s security woes. Yes, that’s right. The company under severe scrutiny for its security practices (or lack thereof) has produced its own report to tell us it’s got great data collection and privacy practices. Well, not great, but no worse than other social media companies that operate in Australia.
Lending his name to the cause is Nigel Phair, he’s a Professor of Cyber Security at Monash University. Phair assessed the data gathering principles of the major digital platforms in Australia – Facebook, Google, Twitter, and TikTok – seeking, TikTok said, to understand how much data these companies gather and how they use it.
“The independent technical analysis found that TikTok’s data collection practices are in-line with its peers, and in addition, the security posture of the TikTok mobile application app is consistent with its peers,” TikTok wrote in a media blast.
Something interesting from the report was the stat that average daily time spent by Australians on social media is 2 hours and 4 minutes. The average time per month users spend on TikTok is 29 hours and 36 minutes, Facebook, 17 hours and 48 minutes, Instagram, 8 hours and 36 minutes, and WhatsApp, 5 hours and 36 minutes. TikTok reportedly reaches 37 per cent of Australian adults, or around 7.38 million people, and is the world’s fifth most used social media platform, with more than a billion global monthly active users.
In Australia, Facebook has 18.12 million active users, Instagram, 13.62 million active users, and Twitter, 6.96 million active users.
The findings
Analysis by Australian cybersecurity firm Internet 2.0 back in July found TikTok requests almost complete access to the contents of a phone while the app is in use. That data includes calendar, contact lists and photos.
“An analysis of … the privacy policies of Facebook, Google, Twitter, and TikTok revealed that each of the four platforms was within a close range of one another when it came to the number of data points collected,” Phair wrote, noting that Google collects the most amount of data points (39 out of the 40 specific collection attributes the research used).
These 40 attributes include info like name, date of birth, videos watched, billing address, etc. TikTok only collects 31 (Meta 33 and Twitter 29).
Now, onto permissions and the report said Facebook (Meta) requests the most, followed by Snapchat, then TikTok. TikTok was ranked last when it came to requesting “Potentially Dangerous Permissions”.
The China-owned video app has come under increasing focus over fears that user data could end up in the hands of the Chinese government, undermining Western security interests. The TikTok report said Australia and U.S. governments request data, too.
In 2021, Facebook was asked by the U.S. government for disclosure of user information on 123,653 occasions, and the Australian government on 3,717. TikTok was only asked by the Australian government for data on users 69 times. It didn’t say how many times TikTok was asked by the Chinese government, however, it provided a ‘global’ request figure – that was 4,570 for TikTok, 23,869 from Twitter, 303,247 from Google, and 425,832 from Facebook.
Keep in mind that these are requests, not completed transactions where the platforms gave over user deets.
In further under-bus-throwing, the TikTok report told us that banks and telcos also collect a lot of info. It just c+p the disclaimers from the likes of Commonwealth Bank, Optus, and Afterpay, however.
“As can be seen from the publicly available policies above, these organisations all state that they may share Australians’ personal data with overseas-based entities, including in China,” the report noted.
To summarise, Phair wrote:
The analysis conducted for this report, including the detailed technical investigation comprising static and dynamic application analysis, suggests that the four digital platforms considered are similar in their collection of data. In light of these similarities, and the ubiquitous nature of overseas data flows, the case for singling out digital platforms based solely on their country of origin appears misconceived.
To the contrary, these findings suggest that a platform-agnostic approach is a necessary precondition to any mature discussion about contemporary privacy risks in the online environment.
Well, that settles it, then.