TikTok accused of sending user data to China
A California college student has accused popular video-sharing app TikTok in a class-action lawsuit of transferring private user data to servers in China, despite the company’s assurances it does not store personal data there.
The allegations may deepen legal troubles in the US for TikTok, which is owned by Beijing Bytedance Technology Co but operates entirely outside China and has developed an especially devoted fan base among US teenagers.
The company is already facing a US government national security probe over concerns about data storage and possible censorship of political sensitive content.
The lawsuit, filed in the US District Court for the Northern District of California last Wednesday, alleges TikTok has surreptitiously “vacuumed up and transferred to servers in China vast quantities of private and personally identifiable user data”.
TikTok did not immediately respond to a request for comment on the allegations, but maintains it stores all US user data in the US with backups in Singapore.
The documents identify the plaintiff as Misty Hong, a college student and resident of Palo Alto, California, who downloaded the TikTok app in March or April 2019, but never created an account.
Months later, she alleges, she discovered TikTok had created an account for her without her knowledge and produced a dossier of private information about her, including biometric information gleaned from videos she created but never posted.
According to the filing, TikTok transferred user data to two servers in China — bugly.qq.com and umeng.com — as recently as April, including information about the user’s device and any websites the user had visited.
Bugly is owned by Tencent, China’s largest mobile software company, which also owns social network WeChat, while Umeng is part of Chinese e-commerce giant Alibaba Group.
The lawsuit also claims source code from Chinese tech giant Baidu is embedded within the TikTok app, as is code from Igexin, a Chinese advertising service, which security researchers discovered in 2017 was enabling developers to install spyware on a user’s phone.
The legal documents did not provide evidence of the data transfers or the existence of Baidu or Igexin source code in the app.
Hong and her legal representatives could not be reached for comment. — Reuters