39 comments

[ 5.6 ms ] story [ 80.8 ms ] thread
Can someone peel out all the spyware-bullshit and still make it work?
I don't get why people complain when China spies but when US does the exact same it seemingly doesn't matter. I don't condone spying at all just seems like hypocrisy.
? This is source code not spying
Reverse engineering a published app isn't the same as "spying".
OP might be referencing how the linked repository’s README says TikTok is spyware
it's blatant hypocrisy. Tiktok is not exceptional when it comes to social media networks, it's just that they are headquartered in China
And China has laws that mandate all Chinese companies (meaning every company) must share every single bit of data, any time, with the authorities.

Cynical alphanet references aside, you need a judge's order in the US.

No hypocrisy.

US spying on people does not automatically make China spying on people good.
I don't get what this comment is aimed at?

The idea that US spying doesn't matter to anyone in the US is very out of touch, within the technical community and even outside of it.

The way surveillance manifests in the US and China is also quite different, enough that it warrants comparing and contrasting those differences.

This was not to say "Private citizens think US spying is good" (even though you'd be surprised how many non technical people think so). If the US spies the government is justifying it for "security purposes" and as necessary. I was talking about the blatant hypocrisy with the likes of the US wanting to ban Tik Tok while Facebook does the exact same (and the US gov being sponsored by a Saudi Prince known for human right abuses on North Korean level).
(comment deleted)
It seems to be just decompiled java code from the official apk. Nothing wondrous there. Anyone can do the same to any Android app.
This is just compiled jars? not even decompiled bytecode or anything? Can't you get all this stuff just by unzipping an APK file?
Look in classes/ in each folder :) the reverse engineered Java source is there
This isn't actually the source code but it appears to be reverse engineering from the released app.
This is true. There is Java code in there
This is a basic disassembly done with JD, full of obfuscated variable names, not any kind of leaked source.
NSA already had this in place
Interesting. Would be really helpful to see a more detailed expert audit on the reverse-engineered source code, and point out to the actual privacy offenses, and analyze how dangerous they really are compared to other social media apps (Twitter, Facebook, ...)
This is just some bullshit there. I'm not android dev by any means, but I went to "location tracking" part https://github.com/augustgl/tiktok_source/blob/master/df_min...) referenced in the first sentence and it just seem to use official Android api and nothing else:

import android.location.Location;

This doesn't deserve to be on frontpage.

I don’t think you read the code carefully
enlighten me, please.
I'm not sure this is a good precedent to set. if the eula that you agreed to doesn't allow decompilation or reverse-engineering, then github shouldn't allow it. Conversely, if this is okay to do, then we should be allowed to do this to any code not just TikTok or code that comes from China, even your code even if it means in doing so you might lose some revenue.

There's an argument to be made that all software should be free as in speech, so I won't make the argument here.

It's because it's a Chinese app. US companies have all incentive to show Communist spying. If it was Facebook app it would have been deleted instantly.
It is clear you understand there exists a bind you can exploit for your own gains. This is no different than some license troll working the angle there's no way to contact all contributors to an "open source" project AND have a legally valid argument to remove said viral license, which itself was written by a sociopath.
While I technically would agree with you the problem is the US calls itself democracy. This behaviour is not a free democracy.
The "weird list in the screenshot code" is just common names for screen shot files ...
hey everyone! I’m august, the guy who posted this. It is not leaked source code. I reverse engineered the tiktok APK (which was for some reason not protected) and uploaded the source code. I apologize for the confusion.

There is source code in the classes/ folder for the different parts.

Also please be sure to read the code carefully before you comment! Thanks.

Asking the internet to do something (like reading carefully before commenting), when nothing is stopping them from totally ignoring you, is a losing strategy!