Gerald van de Werve, 5th Lord of Hovorst

gollark: > > There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary> so here's the thing, TikTok as an app, continuously downloads files i.e video files, it's kinda the whole point. there's nothing "odd" about being able to download and extract zip files, the odd thing is delivering executables via zip. however, this is a non-issue and honestly a red herring, why?This is irrelevant. Yes, downloading video files is normal, downloading extra code which might be doing whatever (subject to sandboxing, at least) is not.

gollark: It could record locally and upload later, though.

gollark: This person apparently reverse-engineered it statically, not at runtime, but it *can* probably detect if you're trying to reverse-engineer it a bit while running.

gollark: > > App behavior changes slightly if they know you're trying to figure out what they're doing> this sentence makes no sense to me, "if they know"? he's dissecting the code as per his own statement, thus looking at rows of text in various format. the app isn't running - so how can it change? does the app have self-awareness? this sounds like something out of a bad sci-fi movie from the 90's.It's totally possible for applications to detect and resist being debugged a bit.

gollark: > this is standard programming dogma, detailed logging takes a lot of space and typically you enable logging on the fly on clients to catch errors. this is literally cookie cutter "how to build apps 101", and not scary. or, phrased differently, is it scary if all of that logging was always on? obviously not as it's agreed upon and detailed in TikTok's privacy policy (really), so why is it scary that there's an on and off switch?This is them saying that remotely configurable logging is fine and normal; I don't think them being able to arbitrarily gather more data is good.