TikTok, the widely popular Chinese short-form video sharing platform, has attracted an array of third-party apps offering engagement-boosting services. The DFRLab found more than 50 apps that were offering engagement services, apps that are prevalent in the Google Play Store.

TikTok is a short video sharing platform owned by Beijing company ByteDance. The app is built with a collaborative functionality wherein users can splice in other user’s videos on the platform into their own; this functionality is one reason that TikTok has achieved significant popularity among teens. Similar to the now-extinct short-form video platform Vine, TikTok is known for brisk videos with short runtimes. Unlike Vine and other engagement-focused platforms such as Snapchat, however, interactions on TikTok are a little less intuitive as it is “less reliant on a simple follower model, instead employing assertive and opaque recommendations,” according to The New York Times.

The rise of a marketplace for inauthentic engagement for TikTok is similar to boosting tools on other social media platforms. A number of apps for fake engagement available in Google’s app market provide purchasable likes and followers for TikTok accounts, such as 10 likes for $1.00. Other fake engagement apps provide the same product for a user’s time or data, such as getting likes for clicking on ads.

These apps raise two primary concerns. First, their activity could be used to make social media accounts appear to be more popular or legitimate than they actually are. This sort of gamification of algorithms to gain popularity is common and can be seen in everything from hashtag campaigns to impersonations of high profile public figures. Second, these apps introduce data privacy issues in their demand for broad access to a user’s phone permissions and personal information with little transparency on its collection, retention, and usage.

In this case, the DFRLab found a number of engagement-boosting apps that could collect more personal information than claimed. The apps collecting the data offered engagement in return for a user’s phone permissions and clickthroughs on advertising links.

The case showed that inauthentic engagement is not specific to any single platform and often requires a mutually reinforcing ecosystem across social media.

Apps and app stores

Smartphones operate by an app-based ecosystem. Apps can have a discrete, isolated user interface that keeps their operations within the app itself. Other apps, such as those uncovered in this investigation, interact — or even demand access to — another app, which creates an ecosystem of apps dependent on other apps. Put differently, using one app might require that you give it permission to download or upload data to another. For example, to upload a photo to Instagram, a user has to grant Instagram permission to access the phone’s photo library.

App stores are where a user can download a range of apps. Some companies, such as Apple, have strict requirements for what apps are available in their app stores. Other companies’ app stores, such as Google Play Store, have historically been a more unregulated marketplace, allowing a broader array of apps to be made available in the stores. That said, even these less regulated stores are not regulation free, as is evident by Google’s recent removal of upwards of 600 apps from its store, including some of the apps analyzed here.

Social media users looking to build an audience quickly on platforms with intense competition for engagement often find themselves tempted by dubious apps. The Google Play Store is one place to find apps that perform this inauthentic boosting function.

While this case was focused on TikTok, selling engagement for profit is not limited to only TikTok, as other platforms such as Facebook are also susceptible to paid-engagement operations.

Bartering likes for personal information

Engagement on TikTok comes in the form of likes, followers, and comments. Higher engagement acts as a social endorsement cue, signaling to users that the content is popular and possibly more worthwhile.

These apps typically offer a guaranteed increase in engagement, such as likes or follows, in exchange for money or personal data. Some of them also bring in revenue from ads and are easily downloadable in the Google Play Store. The DFRLab has put together a spreadsheet of some of the fake engagement apps currently available in the Google Play Store.