tl;dr it does aggressive device fingerprinting, root detection, has anti-tampering mechanisms, bundles native code and has dynamic code loading and execution facilities.
IMO, none of which should be necessary for an app like this
A dynamic analysis is still needed to confirm what it actually does.
It would be good to do this kind of analysis on apps that have more than 10 million users - but in the mean time , has someone done this analysis on TicTok?
5 comments
[ 3.1 ms ] story [ 24.3 ms ] threadIMO, none of which should be necessary for an app like this
A dynamic analysis is still needed to confirm what it actually does.
I decided to do this after a researcher found obfuscated surveillance code in the web app https://apnews.com/article/deepseek-china-generative-ai-inte...
NowSecure found similar not great runtime behavior in the iOS mobile app https://www.nowsecure.com/press-releases/nowsecure-urges-ent...
This is the first Chinese app I've looked at, though it probably won't be the last.
https://www.nullpt.rs/reverse-engineering-tiktok-vm-1
https://arstechnica.com/information-technology/2020/07/chine...
Never install Chinese apps on your phone.