How hard would it be to ensure TikTok isn't a Security Risk? (Microsoft or Twitter acquisition)

Assuming TikTok is sold to Microsoft or Twitter, how hard will it be to find and remove any Trojans, backdoors, or secret data collection?

I’m assuming the source code will be quite long? Especially if all the call libraries have to be checked too? I’m assuming the code uses a lot of calls and objects. It’s going to be difficult for a new team of programmers to fully understand everything that’s being done. Depends on the documentation. System flowcharts will be helpful.

I remember in the 1990s network monitoring became possible. You could find out if software “called home”. Look at data packets and see what’s sent.

Apparently that’s not enough in 2020 to convince authorities that TikTok isn’t a security risk.

Selling the software is a first step. But anything embedded in the code will still be there and could write data to various IP addresses.

How hard would it be to ensure TikTok isn’t a Security Risk (after a Microsoft or Twitter acquisition)?

Would the Military or State & Federal agencies ever allow staff to install this App?

Some people may not be familiar with software phoning home. Phoning home - Wikipedia

Back doors are a big concern. TikTok could be sold and the original developers could still get into it with an undetected back door. Backdoor (computing) - Wikipedia

There are many other ways to exploit software. I haven’t stayed current on the modern vulnerabilities. Network security has become too specialized. I leave it to the experts at my job.

I’ve never used TikTok, but it seems to me, if someone as big as MS or Google bought it, it would probably be easier in the short and long term to just rebuild it from the ground up and import the data.

That’s certainly true. Rewriting the software is safest. I’m not familiar with coding apps and don’t know how big a job it would be to rewrite TikTok.

There are so many ways professionals could hide something in code.

Another common hack is replacing a system call library. Pick something very common that’s used in almost all software. It’s hard to catch without checking the entire OS. Virus checkers look for compromised system files. Trojans use them.