Summary

Internet 2.0 using Malcore have analyzed the top Bytedance mobile applications in the market. A summary of our findings are:

1. Pangle was the most used SDK with all but 1 having the Pangle SDK library loaded.

   1. This is interesting because they denied using Pangle when we pointed it out in Feb 23. View Here.

      Pangle is a SDK advertised as TikTok ads for business on their website.

   2. TikTok openly hires developers for Pangle and advertises it on their developer website.

   3. Many Pangle employees on LinkedIn also concurrently work at TikTok or Bytedance including Sen Li head of the algorithm..

   4. Pangle is listed as a Bytedance SDK on the Bytedance public Github repository and as an artefact on Bytedance.

2. Many of the applications had the non-standard string.

   com.google.android.gms.permission.AD_ID

   This string is a required permission by google if the Bytedance app is asking to collect the google advertising identify number from the android OS. See here for Google Ref.

3. The average Bytedance score was 43.1. The average Malcore risk score for the social media sector was 26.8.

4. TikTok still scored the highest with a Malcore Risk Score of 60. This is 3.1 points less than their Dec 2022 score we have published previously.

List of Results

In our analysis we looked at 9 Bytedance apps: Their Malcore Risk scores and linked the Malcore pages here.

‘Hypic - Photo Editor & AI Art’ published by ByteDance Pte. Ltd which scored 26

‘Marvel Snap’ published by Nuverse (Acquired by ByteDance in 2017) which scored 35

‘Mobile Legends: Bang Bang’ published by Moonton (Acquired by ByteDance in 2021) which scored 39

‘Ulike - Define your selfie in’ published by ByteDance Pte. Ltd which scored 38

‘Lemon8’ published by Heliophilia Pte. Ltd. (ByteDance) which scored 45

‘Sweet Crossing’ published by Moonton (Acquired by ByteDance in 2021) which scored 49

‘CapCut - Video Editor’ published by ByteDance Pte. Ltd which scored 53

TikTok - Score of 60

SDK Data Graphs

What is Malcore

Malcore is a software tool that checks the code of mobile applications for potential issues and assesses overall security and privacy risk. It does this by looking at the code, software development kits used and the permissions requested by the app. A Malcore risk score represents the overall cumulative total of issues found. Points are added through a risk based scoring system every time an issue is flagged.

To view how the scoring system works view here.

Scoring System

The tool also checks for the presence of trackers, which are used to collect data about how the app is being used. Some trackers are legitimate, but others may be used for advertising or to collect data about users without their knowledge or consent.

Scores are given to the issues found based on their severity, with dangerous permissions and high severity warnings getting the highest scores.

Try Malcore for Free now!

Free Malcore Registration