Excerpt from July 19, 2020, article in The Times of London..
Zimperium, a mobile security specialist, last month carried out a granular analysis of the data collected by the international Android version of the app — the one on any non-iPhone in Britain — and graded it on a scale of 0 to 100, with 100 being the least private possible. TikTok’s grade: 100. Zimperium’s Kern Smith pointed to a few issues, such as the app’s ability to read messages stored on your clipboard — the content you cut and paste — which looked “fairly aggressive”. He said: “It was like, ‘Wait, why does a social media app that doesn’t have messaging capabilities need to read my clipboard?’ ”
Another oddity was its collection of IP and MAC addresses (software and hardware respectively) that allowed it to track user locations — even if GPS tracking was switched off. Smith added: “It is curious that a social media app would be wanting that precise geolocation.”
He also said, however, that he was less concerned about the few “curious” capabilities peppered throughout the app, and more with the cumulative effect of all of the ways in which TikTok was mining information. “It was never really one specific thing that stood out. It was more the effect of all these items stacked upon each other. The eyebrow kept raising until it met my hairline.”