TikTok. You’ve likely heard of, or used, this wildly popular app. If you are one of the few who doesn’t know what TikTok is, the app is a social media sharing app used to create short dance, lip-sync, comedy and talent videos. It’s been downloaded over 2 billion times on the App Store and Google Play (as of 07/03/2020), and has over 800 million active users worldwide. A whopping 69% of TikTok users are Gen Z’ers (age 7 to 22). Chances are either you’re a TikTok app user, or a family member or close associate is. But did you know that this app has been banned in India? Or that the US government is also considering banning the TikTok app over security concerns? From its Chinese ownership to concern about the app’s privacy policy and data access, there are some well-founded concerns about the TikTok app’s security that you should be aware of.
TikTok Ownership Concerns
TikTok is owned by Beijing, China-based ByteDance, which was founded in 2012. When ByteDance merged with Musical.ly in August 2018, the TikTok app became available in the USA. Due to its Chinese ownership, many are concerned about the implications of China’s Internet security law, which “requires network operators in China to cooperate with Chinese crime or security investigators and allow full access to data and unspecified “technical support” to the authorities upon request.” But TikTok’s Statement on Content Moderation and Data Security Practices indicates “TikTok US user data is stored in the United States, with backup redundancy in Singapore.” And TikTok confirms their data centers are not located in China and none of the data is subject to Chinese law. But ultimately, TikTok has Chinese ownership, and that’s concerning because the TikTok app is installed and used on a huge number of US mobile devices.
TikTok’s Privacy Policy and Data Access
TikTok’s privacy policy states that the app collects “information you share with us from third-party social network providers, and technical and behavioral information about your use of the platform.” TikTok also collects information in the messages the user sends through TikTok’s Platform and user GPS coordinates. If the user grants it access, TikTok will access user phone contacts and collect contacts’ names and phone numbers, and match that information against existing users of the TikTok platform. So, if your contacts have the TikTok app on their device, and they grant the TikTok app access to their phone and social contacts, your name and phone number will be accessible to TikTok ... without your permission.
Surprisingly, this level of data collection is in line with information typically accessed/collected by apps. But what is concerning is that, collectively, this information provides a massive amount of information about Americans: their whereabouts, their movements, their preferences, their associates, etc. And the collective figures, stats, trends, etc., most likely will be presented to ByteDance for development of strategic plans, budgets, goals, etc.
Potential Influence on American Culture
Overall, American and Chinese cultures are just about as different as conceivable. American culture is influenced by our democracy, freedom, individuality, Christian values, etc. China’s culture is influenced by its communist government, its lack of freedom, “good of the group” focus, and its values which are inspired by Confucian, Daoist and Buddhist leaders. Certainly, each nation has its strong points, among which are China’s respect for its elder population and its focus on saving versus spending money, and America’s patriotism and our drive to live the “American dream.” But while American and Chinese cultures are vastly different, TikTok is loved by users in both nations. What’s concerning is that TikTok has already come under scrutiny for removal of content that reflects negatively on Chinese culture. And China has the opportunity to use TikTok to control its image as a nation. So, not only does TikTok give its Chinese owners an intimate look at American culture, but it also provides an opportunity for China to socially engineer its reputation to a vast audience of American voters, both present and future.
Scary Security Scenario
So, why is all of this so concerning? Let’s look at a hypothetical situation. Suppose an officer in the US Armed Forces is deployed overseas. His daughter is an avid TikTok user. When she set up the app, she allowed TikTok to access her phone contacts. Her father is in her contacts list, so TikTok has access to the name and phone number of an officer in the US Armed Forces. He returns home from deployment and his daughter creates and uploads a TikTok video of the two of them. The video shows both her and her father’s likeness. And the app collected the GPS coordinates of her/their location automatically, so their location is known, whether the video was created at home or out in town. It may seem like a stretch of the imagination, but theoretically a Chinese operative could use the GPS coordinates and their likeness to physically locate the father and daughter. The Chinese operative could kidnap the daughter as a means to extract information from the father. Or, the operative could take the father hostage and torture him for military secrets.
While this isn’t the most likely of scenarios, it is possible. What is more likely is that information gathering and social engineering are at play. But, you certainly don’t want to focus on the long game when immediate dangers could also exist.
TikTok App Bans
On July 20, 2020, the House approved a proposal to prohibit downloading and use of the TikTok app by employees of the United States, officers of the United States, Members of Congress, congressional employees, or officers or employees of a government corporation. And, on July 22, 2020, the US Senate unanimously passed the “No TikTok on Government Devices Act” which bans “employees and officers of the United States, Members of Congress, congressional employees, and officers and employees of government corporations from downloading or using TikTok, or any successor application from the developer, on any device issued by the federal government or a government corporation, with the exception of specified activities (e.g., cybersecurity research).”
Currently, downloading and use of the TikTok app has been banned by the following government agencies and private companies:
US Navy (on government owned devices)
US Army (on government owned devices)
US Air Force (on government owned devices)
US Coast Guard (on government owned devices)
US Marines (on government owned devices)
US Department of Homeland Security (on government owned devices)
US TSA (on government owned devices)
Amazon (ban later recalled)
Wells Fargo (on company owned devices)
Republican National Committee (on personal devices)
Democratic National Committee (on personal devices)
TikTok’s Future
TikTok will likely be in the news in the coming weeks and months. There are rumors that TikTok may be sold to an American investor to avoid further US government scrutiny or an all-out US ban on the app. If such a move isn’t made before an all-out ban in the USA, there’ll be many disappointed Gen Zers. What would be most important would be to stop the collection of US TikTok user info by a company with Chinese ownership that can be used to the detriment of US citizens.
Update: (11/16/2022)
Since we originally blogged about the topic in 2020, there has been continued concern about the TikTok app’s use in the USA. Below are links to key updates on the topic:
10/30/2020: TikTok creators successfully block U.S. app ban with lawsuit.
“TikTok has again been spared a ban in the United States, this time by a judge in Pennsylvania who granted a temporary halting of the restrictions against the video app that were set to take effect Nov. 12.”
2/10/2021: Biden Administration Pauses Trump’s TikTok Ban, Backs Off Pressure To Sell App
“Efforts to ban TikTok under then-President Donald Trump were put on ice on Wednesday, as the Department of Justice signaled in a new court filing that the Biden administration is backing off the pressure on the Chinese-owned video-sharing app.”
5/12/2021: Bill to ban TikTok on U.S. government devices passes committee
“The Senate Homeland Security and Governmental Affairs Committee unanimously passed a bill that would ban U.S. federal workers from downloading the popular app TikTok onto U.S. government devices, Senator Josh Hawley, a bill sponsor, said in a press statement on Wednesday.”
6/09/2021: Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries
“The ongoing emergency declared in Executive Order 13873 arises from a variety of factors, including the continuing effort of foreign adversaries to steal or otherwise obtain United States persons’ data. That continuing effort by foreign adversaries constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. To address this threat, the United States must act to protect against the risks associated with connected software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.”
06/29/2022: FCC commissioner calls on Google and Apple to ban TikTok app
“A member of the Federal Communications Commission is calling on Apple and Google to remove TikTok from their app stores over concerns that user data from the wildly popular social media platform is being accessed in China.”
08/24/2022: Mr. President, You Have Protected Your Family by Banning TikTok for Them. What About Your Country?
“Making things more dangerous, the very fabric of America has never been at a greater risk of imploding than it is right now. We are at a pivotal moment in time and culture, with a paradigm shift in the way we and our children are living our lives. Most frighteningly, we are inviting and acting as the catalyst to what very well may become the greatest weapon to ever be created with the intent to destroy America from the inside out. It is what happens when our most powerful geopolitical enemy uses the social media technology our open and innovative economy created to use our free exchange of information against us. That all comes from one simple, devastatingly dangerous app: TikTok.”
10/18/2022: TikTok is China’s Trojan Horse
“A look at TikTok’s privacy policy states that “We may share all of the information we collect with a parent, subsidiary, or other affiliate of our corporate group” — and that means the Chinese Government too.”
11/14/2022: Maybe Trump was right about TikTok
“Here’s something you rarely hear a Democratic senator say: “Donald Trump was right.”
But that’s what Sen. Mark Warner (D-VA) is saying now, and it’s all because of TikTok, the popular video app that Trump tried to ban in the waning months of his presidency.
“As painful as it is for me to say, if Donald Trump was right and we could’ve taken action then, that’d have been a heck of a lot easier than trying to take action in November of 2022,” Warner told Recode. “The sooner we bite the bullet, the better.”
11/15/2022: FBI Director warns of potential Chinese gov’t exploitation of TikTok
“Harshbarger asked Wray whether the FBI has been involved in the review and about the agency’s view of the app’s safety.
“We do have national security concerns from the FBI’s end about TikTok. They include the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so choose, or to control software on millions of devices which gives the opportunity to potentially technically compromise personal devices,” he said.”
About the Author:
J.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com