According to a recent report by cybersecurity company Internet 2.0, TikTok has expanded its location data collection to include altitude, potentially allowing the app to determine a user’s specific floor within a building.
Last year, Internet 2.0 conducted a study on TikTok’s data collection practices, which revealed that the app scans users’ hard drives and geolocates their devices every hour, in addition to collecting contact lists and calendar information. Despite this, TikTok dismissed the report as unfounded and comparable to data collection practices employed by other social media platforms.
Following last year’s report by Internet 2.0 that revealed the extent of TikTok’s data collection, the social media company has been accused of increasing the amount of location information it collects to include altitude, which could allow it to determine what floor a user is on.
As a result, several Western countries, including Australia, have banned the app from government-issued devices amid concerns that the Chinese government could access data under national security laws. Despite this, TikTok has never directly addressed the issues raised in the report, according to Internet 2.0 director David Robinson.
The director of cybersecurity firm Internet 2.0, David Robinson, has told a Senate committee that TikTok has increased the location information it collects, potentially to the level of a user’s floor in a building, a claim rejected by TikTok.
Last year, Internet 2.0 revealed that TikTok scanned hard drives and geolocated devices every hour, and collected user contact lists and calendar information. Following the report, several western countries, including Australia, banned the app from government devices over national security concerns. TikTok has previously described the report as “baseless”.
According to a spokesperson, TikTok does not collect GPS location data from users in Australia and does not ask for permission to do so. However, in regions where a user has enabled and granted access to location services, TikTok collects this information through device GPS data.
The spokesperson also acknowledged that the analysis conducted by Internet 2.0 is inconclusive and lacks a detailed source code review, which is the most effective way to evaluate data collection practices.
Robinson, a representative for TikTok, stated that the results presented by Internet 2.0 were inaccurate and inconsistent due to a flawed and biased analysis that lacked thorough investigation.
In contrast, Robinson claimed that other companies, such as Telegram and Proton, had provided more information or clarification regarding their source code when analyzed by Internet 2.0. Robinson noted that TikTok had not followed the same approach.
During a hearing, Robinson commented that it is normal and trustworthy behavior for a company to acknowledge and address any issues that arise, rather than denying or ignoring them. He stated that while no company is perfect, being honest and transparent about addressing issues is key.
Robinson expressed his distrust towards Internet 2.0 for not disclosing their source code and not providing clear explanations, which he believes is important for building trust. The hearing is set to continue on Friday.