A coder named augustgl has reverse-engineered TikTok’s Android app’s source code and published it on the GitHub repository. He did this to prove that TikTok is spyware, and even forked it repeatedly and published it repeatedly. While TikTok has used DMCA notices to takedown them across GitHub, it’s unknown whether it’s exploited or not yet.
TikTok’s Source Code Published on GitHub
TikTok has been the target for many in terms of security. The short-video recording platform was accused by many researchers and even the governments of India the US for stealing user data and exporting it to China. Since this is considered an intellectual fraud, many have banned the app in their nations.
Now, another person is calling this app “legitimate spyware.” The coder, augustgl from GitHub, claims to have reverse-engineered TikTok’s Android app and found that it’s collecting data from users in several ways. He published the source code retrieved from his GitHub account, which was then forked by some other users!
TikTok has responded immediately and filed DMCA notices to GitHub, asking the code repository to takedown augustgl’s posting and others who forked it. TikTok claimed this action on copyright infringement since the source code was belonging to their Android app.
While GitHub complied with this and took it down effectively, it has informed TikTok later that five more such forked repositories were available, which promoted TikTok to file another notice and pull them down immediately.
The second DMCA notice read, “The original copyrighted work is source code for the TikTok Android app. Github user [redacted, but almost certainly a reference to ‘augustgl’] appears to claim to have reverse-engineered the app. We submitted a DMCA notification to GitHub previously, resulting in a takedown. GitHub subsequently notified us that the user still had forks posted.”
While it was taken down, the coder augustgl blamed that service is sucking data like location tracking, phone calls, screenshots, WiFi networks, and facial recognition. It’s unknown where the source code has been shared and how it’s being used.