In a development that underscores deepening legal troubles for Chinese video-sharing app TikTok, a California college student has filed a class-action lawsuit against it alleging that it has transferred private user data to servers in China.
The allegations deepen legal troubles for TikTok, owned by Beijing ByteDance Technology Co, in the United States, and comes in the wake of a probe by the U.S. government over concerns of data storage and potential censorship of political sensitive content.
The lawsuit, which was filed in the U.S. District Court for the Northern District of California last Wednesday and was originally reported by The Daily Beast; its report alleges that TikTok has surreptitiously “vacuumed up and transferred to servers in China vast quantities of private and personally-identifiable user data.”
While TikTok did not immediately respond to requests for comments on the allegations, it continues to maintain that it stores all U.S. user data in the United States with backups in Singapore. Tiktok remains silent whether the data has been routed through China.
Court documents identify the plaintiff as Misty Hong, a college student and resident of Palo Alto, California, who downloaded the TikTok app in March or April 2019 but never created an account.
Hong has alleged that although she did not create an accounts, months later, she discovered that TikTok had created an account for her, without her knowledge and had produced a dossier of private information about her, which includes her biometric information gleaned from videos she created but never posted.
According to the filing, TikTok had transferred user data to two servers in China – umeng.com and bugly.qq.com – in April 2019; the data transferred includes information about the user’s device and any websites the user had visited.
Incidentally, Bugly is owned by Tencent, China’s largest mobile software company, which also owns WeChat, a Chinese social media network; Umeng is a part of China’s Alibaba Group.
Further, the lawsuit also claims that source code from Baidu, a Chinese tech giant, is embedded within the TikTok app, as is source code from Igexin, a Chinese advertising service, which security researchers discovered in 2017 was enabling developers to install spyware on a user’s phone.
Papers filed in court did not provide supporting documents showing data transfers to China or the existence of Baidu or Igexin source code in the app.
Neither Hong nor her legal representatives could be immediately reached for comment.