A California college student has accused popular video-sharing app Tiktok in a class-action lawsuit of transferring private video data to servers in China despite the company’s assurance that it does not store personal data.
The allegations could deepen legal troubles in the United States for Tiktok, which is owned by Beijing ByteDance Technology, but operates entirely outside China and has developed a particularly dedicated fan base among American teenagers .
The company is already facing a US government national security investigation over concerns about data storage and possible censorship of politically sensitive content.
The lawsuit, filed last Wednesday in the US District Court for the Northern District of California and originally reported by The Daily Beast, alleges that Tiktok has “proffered privately and personally identifiable user data The volume has vacuumed and moved servers in China. ”
TikTok did not immediately respond to a request for comment on the allegations, but states that it stored all user data in the United States with backups in Singapore.
The documents identify the plaintiff as Misty Hong, a college student and resident of Palo Alto, California, who downloaded the TikTok app in March or April 2019 but never created an account.
Months later, she alleges, she finds out that Tiktok had created an account for her without her knowledge and created a dossier of personal information about her, including biometric information from videos she had made, but never Did not post
According to the filing, TikTok transferred user data to two servers in China – bugly.qq.com and umeng.com – as recently as April 2019, including information about the user’s device and any website the user visited. .
Bugli is owned by China’s largest mobile software company Tencent, which also owns the social network WeChat, while Umeng is part of the Chinese e-commerce giant Alibaba Group.
The lawsuit also claims that source code from Chinese tech giant Baidu is embedded within the TikTok app, as is code from Igexin, a Chinese advertising service, which security researchers discovered in 2017 led developers to install spyware on a user’s phone I was able to
Legal documents did not prove the existence of Baidu or Igexin source code in the data transfer or app. Hong and his legal representatives could not immediately be reached for comment.