What it is?
TikTok, an emerging app is rapidly gaining popularity. It recently unseated Instagram, YouTube and Snapchat as the top free app in Apple’s App Store[i]. As of Nov. 6 2018, according to industry research firm App Annie, the app ranked first among photo and video apps in daily iPhone downloads in the US[ii].
TikTok is a short-form video social network, allowing users to create their videos using built-in effects and trending music tracks. TikTok users can also receive comments, likes, direct messages and follows from other users on the platform. It extremely popular among teenagers and children. All the profiles are public by default and switching your profile to private currently does not limit the ability of other users to send direct messages to you. All videos from TikTok are allowed be downloaded on the device and shared across other messaging platforms as well. A simple TikTok watermark is placed on the saved videos.
Concerns about the app and its content are growing nearly as rapidly as its popularity[iii]. The app developers claim the app is “raw, real, and without boundaries[iv]”, which also could be interpreted as “dangerous”, especially in the hands of teenagers and children. Several warnings were already handed to parents[v] and posted online[vi].
In February 27, 2019, TikTok was handed the largest civil penalty ($5.7 million) ever obtained by the Federal Trade Commission for violating the Children’s Online Privacy Protection Act (COPPA)[vii]. Being aware that a significant percentage of users were younger than 13, TikTok failed to notify parents about the app’s collection and use of personal information from users under 13, as well as obtain parental consent before such collection and use, and delete personal information at the request of parents[viii]. In response, TikTok launched a separate app for US users, where “users cannot share their videos on TikTok, comment on others’ videos, message with users, or maintain a profile or followers[ix]”.
There are several cases in the news as well. For example, in Los Angeles County, a man targeted several children as young as 9 on TikTok, appearing later on their doorstep unannounced posing as a delivery driver[x]. Cases of online bullying, child enticement and abuse on TikTok have not been uncommon, but often prove difficult to investigate. Coming to the rescue, in Oxygen Forensic® Detective we have added data extraction and decryption from the TikTok app for both from Android physical dumps and all iOS devices, both jailbroken and non-jailbroken.
What can we do?
From Apple devices we extract detailed account information, including the username, real name, profile picture, description of the main account and any additional ones previously logged in from the device. So, even if a child predator used several accounts prior to using the phone now under investigation an investigator can still uncover their previous accounts and activities.
From Apple devices we also extract the contact list, which includes followers, follows and unfollowed as well as deleted contacts. This means, that if a child predator unfollowed the accounts, so as to not get caught, the investigator could still obtain this data.
Chat information can be extracted from Apple devices as well, including deleted messages. For investigators this is tremendous! Now, in any criminal investigation wiping the message history will not let the criminal get away. Investigators also can extract the cookies and cache, including images, videos, links and logs. With this data, an investigator can recreate the entire TikTok experience of the suspect.
From Android devices we have you covered! Not only can all the previously described categories be extracted but user downloads, activity history, audio files and hashtags (both used and searched) as well!
What does it look like?
the extracted data from TikTok is divided into sections. All data can be marked
as Key Evidence or assigned a tag. Furthermore, all communications can be shown
on the Social Graph by clicking at the upper Social Graph tab as well as shown
in the familiar Chat mode (Chats tab). Within this section all events can also be
sorted by time stamps (Timeline tab).
[viii]The federal Children’s Online Privacy Protection Act (COPPA) requires websites and online services aimed at kids to obtain parental consent before collecting personal information from children under 13.