5 comments

[ 3.1 ms ] story [ 24.3 ms ] thread
tl;dr it does aggressive device fingerprinting, root detection, has anti-tampering mechanisms, bundles native code and has dynamic code loading and execution facilities.

IMO, none of which should be necessary for an app like this

A dynamic analysis is still needed to confirm what it actually does.

I decided to do this after a researcher found obfuscated surveillance code in the web app https://apnews.com/article/deepseek-china-generative-ai-inte...

NowSecure found similar not great runtime behavior in the iOS mobile app https://www.nowsecure.com/press-releases/nowsecure-urges-ent...

It would be good to do this kind of analysis on apps that have more than 10 million users - but in the mean time , has someone done this analysis on TicTok?