Author | Elliot Alderson
Translator | Sambodhi
Planning | Zhao Yuying
Recently, TikTok's fate has been twisted. In this article, let's take a look at the results of hackers' research on TikTok.
This article was originally published on the Medium blog, authorized by the original author Elliot Alderson, and translated and shared on the InfoQ Chinese website.
Since I published my first article "What algorithm does TikTok use to transmit and encrypt content?" "(TikTok: Logs, Logs, Logs) Since then, many things have happened.
Microsoft confirmed that the company is seeking to acquire TikTok's operations in the United States, Australia, Canada and New Zealand.
Trump was supposed to ban TikTok on August 2, and then threatened that TikTok would “close” on September 15 unless it was acquired by a US company. Finally, he signed an executive order requiring TikTok's Chinese parent company to complete the sale transaction within 45 days from Thursday. Once the specified period has passed, no American individual or company will be allowed to conduct transactions with it. An executive order was signed to prohibit individuals or companies under US jurisdiction from conducting “any transactions” with Tencent, a Chinese company that owns WeChat, after 45 days.
Trump later changed his mind and gave TikTok a new deadline: 90 days instead of 45 days as originally called.
The Wall Street Journal revealed that TikTok had been tracking the MAC address of the user's device without the user's consent until November 2019.
We still speak with facts to better understand TikTok.
1
Disclaimer
TikTok provides users with a lot of features, thanks to its millions of lines of code. Therefore, it is impossible to cover a broad and vague answer to questions like "Is TikTok a threat to national security?" with just one article. Therefore, I plan to discuss this issue in a series of articles, each with a specific topic.
I am a French security researcher and have been analyzing mobile applications for many years. You can find my public works at http://fs0c131y.com/press and find me at http://twitter.com/fs0c131y.
My goal is to be completely transparent, to share everything I know.
If you want to skip the technical details, you can find a summary at the end of this article.
2
Foreword
In my previous article "What algorithm does TikTok use to transmit and encrypt content? In (TikTok: Logs, Logs, Logs), I decrypted the content of the app_log network request sent by TikTok. After
completes decryption, one problem still exists:
event records. I need to take a closer look at what they think of as an "event", but as far as I know, this seems to be a fairly standard analytical solution.
In this article, I will answer the following questions: What is the definition of TikTok's application log?
3
What is TikTok's application log?
Our starting point is the keyword app_log. To understand how TikTok handles application logs, I decompiled the application and analyzed the source code. I quickly found the definition of ss_app_log.db in the DBHelper class.
This is very interesting, TikTok uses a local database to store application logs. I checked the mobile phone used in the test to confirm this.
As you can see, TikTok has created many databases. If you open the file ss_app_log.db, you can find some data in the event table.
theseThe signature of the method provides us with 3 new objects: LogEvent, LogPage, LogSession.
This answers our initial question! The application log of TikTok can be LogEvent, LogPage or LogSession.
4
What is in these application logs (actually)?
is great, I found the definition of different log objects, but what does TikTok really send?
It's time to use Frida to intercept the 6 insertion methods of the DBHelper class.
In this way, I get the detailed information of all application logs created by TikTok when using the application. Below are examples of log sessions, log events and logs, and miscellaneous logs.
I also published a complete list of application logs created by TikTok during application startup:
https://gist.github.com/fs0c131y/b4ef278e8863c636964793e1b27f889d
Do these logs contain personal data? The answer is no. The most you can find is data about the device, such as operating system, operating system version, device model, device brand, pixel density, etc. Basically that's it, nothing more.
5
Summary
In this article, I found the definition of different types of TikTok logs and observed how they are dynamically created. After analysis, the application log does not seem to contain personal data.
Through these two articles, we have a good overview of TikTok application logs. The next article will specifically discuss how TikTok uses a well-known technique on the Android system to obtain the Mac address of the user's device.
Author introduction:
Elliot Alderson, French hacker. Fighting false information at Predicta Lab has nothing to do with USANetwork.
https://medium.com/@fs0c131y/tiktok-what-is-an-app-log-da70193f875
InfoQ writing platform welcomes all content creators who love technology, creation, and sharing!
and more value activities are waiting for you!
