It’s time to have fun!

It's a trap! #douyin

The same way TikTok uploads "app_log", Douyin uploads "app_logs". Yes, it's an HTTP request. It's very common when you analyse Chinese apps.

Another HTTP request to beacon-api.aliyuncs.com (Alibaba cloud communication system) with your deviceId in clear text

When you start the app, #Douyin sends your location, bssid, deviceId and other stuff with a HTTP request to amdcopen.m.taobao.com

Yes, this is what a privacy nightmare looks like

These puppies falls are offered by #Douyin

Douyin send your MAC address as a parameter in one of their app_log requests... 😡

Worth saying, it's a violation of the Google Play Store rules but they don't care, they are not on the Play Store

If someone from TikTok read this tweet: I know that the nasty stuff are in this encrypted content 😘

2 apps, same requests: on the left you have TikTok, on the right Douyin. Can you spot the differences?

=> mac_address

Few weeks ago I decrypted the content of the app_log requests made by TikTok, it's time to do the same thing for Douyin medium.com/@fs0c131y/tikt…

I need a coffee, meanwhile enjoy this pig 😅

I'm back. Douyin and TikTok use the same library for the app logs but not the same version

It means the Frida function I made last time for my article is working with Douyin. I get the logs but Douyin shows me a no connection screen

I can bet the version of the "app_log library" in Douyin is the most recent version. Then, they will probably update TikTok.

My last tweet was probably not accurate, I deleted it. If you search Covid19 on #douyin you will get a lot of (old?) videos mocking US politicians/celebrities because they don't know the meaning of Covid19.

If you are a Chinese native speaker, can you tell me what he is saying?

I understand he is talking about Covid19 and the independance of Taiwan but I don't see the relation between the two...

I'm French, so I searched "sex" on #douyin 😅. This is top video for this keyword. I'm a little bit disappointing 😂

Joke aside, China is a very different world and it's always interesting to see how they handle "sex videos" on a giant network like douyin

Before closing this thread, let's give a look at the MAC address retrieval methods. First thing, I'm pretty sure they use different ways to get it.

In the a class of the com.ss.android.deviceregister package you can find this code.
1) Call e.i method with the Context as a parameter to get the mac
2) Check the shared preferences to see if the MAC address is already saved

You can cool stuff? Check the com.ss.android.deviceregister.d class. The previous i method, which can be renamed getMacAddress, is working like this:
1) Call getMacAddress() from the WifiInfo class
Since Android Marshmallow it returns a default value 02:00:00:00:00:00

2) If you get the default value, enumerate the network interfaces as explained in this stackoverflow answer stackoverflow.com/questions/3310…

Someone asked: yes douyin is also taking the IMEI

Remember the 2nd tweet of this thread? This is why, probably not the only reason, they wanted the phone permission. They take the voicemail number of the user...

They check the running apps...

They take the subscriberId and they also have a method to get the bluetooth address...

We saw it at the beginning of the thread, they also take the bssid

getAllCellInfo

The package com.ss.android.deviceregister is a gold mine and a nightmare in term of privacy...

It's time to close this thread. We learned that:
- Without surprise, Douyin, the Chinese version of TikTok, is a privacy nightmare
- The TikTok and Douyin data collections are different