Hacker News new | ask | show | jobs
Ask HN: Is Tik Tok Breaching Apple’s Privacy Guidelines?
13 points by filthyanimal22 2548 days ago
I found out that Tik Tok is uniquely identifying devices and may be breaching Apple’s policies.

1) Install the app

2) Don’t allow notifications or anything else

2) Search 25 terms

3) Tik Tok asks you to log in

-*

1) Uninstall the app

2) Reset Advertising ID

3) Switch IP address with VPN

4) Change timezone, language, region

5) Remove SIM card

6) Restart device

7) Reinstall Tik Tok

8) Tik Tok still knows that it’s you and asks you to log in.

I am sure they are not using the 2 bits from the DeviceCheck API, which Apple allows, but a more privacy invading option.

Anyone here has an idea what it is they are abusing?
2 comments
m34 2547 days ago
Maybe via NSUbiquitousKeyValueStore[1]?

Its purpose is synchronizing app state data across devices via iCloud.

[1] https://developer.apple.com/documentation/foundation/nsubiqu...

link
filthyanimal22 2547 days ago
I have iCloud deactivated.
link
chatmasta 2547 days ago
I know a popular app used to do this by saving an item to the keychain, which persisted between installations. I'm not sure if that's still possible but I would look into it.
link
filthyanimal22 2547 days ago
I assume that must be what they’re doing as well.

However the Keychain should only be used for logins, not to store UUIDs. I never logged in to Tik Tok

link