The following is a screen recording of recent activity on a Samsung Galaxy S20 Plus, from January 3rd, 2022. It shows the device installing, then initializing, the Android version of the application known as TikTok, obtained from Google's Play Store. The intention is to investigate the sources of any network requests received from the TikTok application.
A firewall is installed on this device, so requests from any IP addresses that are not whitelisted in the firewall's filters are initially blocked and treated as pending. A corresponding notification is then delivered. The user can examine the request and determine whether or not the connection should be permitted.
The firewall app keeps a detailed activity log of all requests. Any IP addresses originating from TikTok that request a connection to the network are recorded for analysis. Immediately following the launch of the TikTok application, 45 pending requests from new, individually unique IP addresses are logged. As the screen recording reveals, this activity occurs less than 10 seconds after the app is installed. The total number of blocked requests was 161, all occurring within a 2-minute period following the install. It is noted that this is not typical app behavior and is ultimately a gross misuse of network resources. This tactic not only proves to be counterintuitive, but also exemplifies the obvious amateur coding abilities of the development team. These substandard techniques also reveal a true lack of proficiency and imagination in the overall design and implementation of the entire application. A more obfuscated approach to these high-school-hacker-level methods could easily have been implemented on a passive level with minimal possibility of user detection or interaction.
The bombardment of new and repeated requests continues to be recorded by the firewall. The persistent application behavior shows a clear lack of concern from the developer regarding the volume of user data the application consumes, as well as a complete disregard for the potential expenditure on the hardware of any devices handling the traffic. It is noted that the majority of these requests appear to originate from IP addresses located in the same subnet. The subnet is owned by Akamai Technologies, a cloud computing company based out of Massachusetts.
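The tally described above (blocked requests, unique addresses, and how many of those addresses share a subnet, all within a fixed window after install) can be reproduced from an exported firewall log. This is an added example, not output or code from the recording; the `time app remote_ip action` log layout, the function name `summarize`, the /24 grouping and the sample lines (documentation-range addresses) are all assumptions.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log. The "time app remote_ip action" layout is an
# assumption; adapt the split below to the real firewall's export format.
SAMPLE_LOG = """\
2022-01-03T10:00:04 tiktok 203.0.113.10 BLOCKED
2022-01-03T10:00:05 tiktok 203.0.113.27 BLOCKED
2022-01-03T10:00:05 tiktok 203.0.113.10 BLOCKED
2022-01-03T10:00:09 tiktok 198.51.100.7 BLOCKED
2022-01-03T10:00:41 browser 192.0.2.55 ALLOWED
2022-01-03T10:01:30 tiktok 203.0.113.99 BLOCKED
2022-01-03T10:03:10 tiktok 203.0.113.140 BLOCKED
"""

def summarize(log_text, app, install_time, window_seconds=120, prefix_len=24):
    """Tally one app's blocked requests inside a window after install."""
    start = datetime.fromisoformat(install_time)
    end = start + timedelta(seconds=window_seconds)
    blocked = 0
    unique_ips = set()
    per_subnet = Counter()  # unique addresses seen in each network prefix
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or truncated line
        stamp, name, remote, action = parts
        try:
            when = datetime.fromisoformat(stamp)
            addr = ipaddress.ip_address(remote)
        except ValueError:
            continue  # unparseable timestamp or address
        if name != app or action != "BLOCKED" or not (start <= when <= end):
            continue
        blocked += 1
        if addr not in unique_ips:
            unique_ips.add(addr)
            net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            per_subnet[str(net)] += 1
    return {"blocked": blocked, "unique_ips": len(unique_ips),
            "unique_ips_per_subnet": dict(per_subnet)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "tiktok", "2022-01-03T10:00:00"))
```

Counting unique addresses per prefix, rather than raw requests, keeps one frequently retried address from making a subnet look larger than it is.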
One of these addresses is selected at random to investigate further. A visual traceroute is run on the address. The results provide an estimated geographic location of the requesting IP address, as well as the location of any network hops between source and endpoint. The software utilized for geo-locating is known as Intrace. Intrace determined the coordinates of the address requesting access to our device through the TikTok application to be within a close, logistically feasible proximity, either inside or around the building for the Federal Bureau of Investigation in Newark, NJ.
End transmission.