TikTok. You’ve likely heard of, or used, this wildly popular app. If you are one of the few who doesn’t know what TikTok is, it is a social media sharing app used to create short dance, lip-sync, comedy and talent videos. It’s been downloaded over 2 billion times on the App Store and Google Play (as of 07/03/2020), and has over 800 million active users worldwide. A whopping 69% of TikTok users are Gen Z’ers (age 7 to 22). Chances are either you’re a TikTok app user, or a family member or close associate is. But did you know that this app has been banned in India? Or that the US government is also considering banning the TikTok app over security concerns? From its Chinese ownership to concerns about the app’s privacy policy and data access, there are some well-founded concerns about TikTok app security that you should be aware of.

TikTok Ownership Concerns

TikTok is owned by Beijing, China-based ByteDance, which was founded in 2012. When ByteDance merged with Musical.ly in August 2018, the TikTok app became available in the USA. Due to its Chinese ownership, many are concerned about the implications of China’s Internet security law, which “requires network operators in China to cooperate with Chinese crime or security investigators and allow full access to data and unspecified ‘technical support’ to the authorities upon request.” But TikTok’s Statement on Content Moderation and Data Security Practices indicates that “TikTok US user data is stored in the United States, with backup redundancy in Singapore.” And TikTok confirms its data centers are not located in China and none of the data is subject to Chinese law. But, ultimately, TikTok has Chinese ownership, and that’s concerning because the TikTok app is installed and used on a huge number of US mobile devices.

TikTok’s Privacy Policy and Data Access

TikTok’s privacy policy states that the app collects “information you share with us from third-party social network providers, and technical and behavioral information about your use of the platform.” TikTok also collects information in the messages the user sends through TikTok’s Platform and user GPS coordinates. If the user grants it access, TikTok will access user phone contacts and collect contacts’ names and phone numbers, and match that information against existing users of the TikTok platform. So, if your contacts have the TikTok app on their device, and they grant the TikTok app access to their phone and social contacts, your name and phone number will be accessible to TikTok ... without your permission.

Surprisingly, this level of data collection is in line with the information typically accessed and collected by apps. What is concerning is that, taken together, this data provides a massive amount of information about Americans: their whereabouts, their movements, their preferences, their associates, etc. And the collective figures, stats, trends, etc., most likely will be presented to ByteDance for use in developing strategic plans, budgets, goals, etc.

Potential Influence on American Culture

Overall, American and Chinese cultures are just about as different as conceivable. American culture is influenced by our democracy, freedom, individuality, Christian values, etc. China’s culture is influenced by its communist government, its lack of freedom, “good of the group” focus, and its values, which are inspired by Confucian, Daoist and Buddhist leaders. Certainly, each nation has its strong points, among which are China’s respect for its elder population and its focus on saving versus spending money, and America’s patriotism and our drive to live the “American dream.” But, while American and Chinese cultures are vastly different, TikTok is loved by users in both nations. What’s concerning is that TikTok has already come under scrutiny for removal of content that reflects negatively on Chinese culture. And China has the opportunity to use TikTok to control its image as a nation. So, not only does TikTok give its Chinese owners an intimate look at American culture, but it also provides an opportunity for China to socially engineer its reputation with a vast audience of American voters, both present and future.

Scary Security Scenario

So, why is all of this so concerning? Let’s look at a hypothetical situation. Suppose an officer in the US Armed Forces is deployed overseas. His daughter is an avid TikTok user. When she set up the app, she allowed TikTok to access her phone contacts. Her father is in her contacts list, so TikTok has access to the name and phone number of an officer in the US Armed Forces. He returns home from deployment and his daughter creates and uploads a TikTok video of the two of them. The video shows both her and her father’s likeness. And the app collected the GPS coordinates of her/their location automatically, so their location is known, whether the video was created at home or out in town. It may seem like a stretch of the imagination, but theoretically a Chinese operative could use the GPS coordinates and their likeness to physically locate the father and daughter. The Chinese operative could kidnap the daughter as a means to extract information from the father. Or the operative could take the father hostage and torture him for military secrets.

While this isn’t the most likely of scenarios, it is possible. What is more likely is that information gathering and social engineering are at play. But, you certainly don’t want to focus on the long game when immediate dangers could also exist.

TikTok App Bans

On July 20, 2020, the House approved a proposal to prohibit downloading and use of the TikTok app by employees of the United States, officers of the United States, Members of Congress, congressional employees, or officers or employees of a government corporation. And, on July 22, 2020, the US Senate unanimously passed the “No TikTok on Government Devices Act,” which bans “employees and officers of the United States, Members of Congress, congressional employees, and officers and employees of government corporations from downloading or using TikTok, or any successor application from the developer, on any device issued by the federal government or a government corporation, with the exception of specified activities (e.g., cybersecurity research).”

Currently, downloading and use of the TikTok app has been banned by the following government agencies and private companies:

US Navy (on government owned devices)

US Army (on government owned devices)

US Air Force (on government owned devices)

US Coast Guard (on government owned devices)

US Marines (on government owned devices)

US Department of Homeland Security (on government owned devices)

US TSA (on government owned devices)

Amazon (ban later recalled)

Wells Fargo (on company owned devices)

Republican National Committee (on personal devices)

Democratic National Committee (on personal devices)

TikTok’s Future

TikTok will likely be in the news in the coming weeks and months. There are rumors that TikTok may be sold to an American investor to avoid further US government scrutiny or an all-out US ban on the app. If such a move isn’t made before an all-out ban in the USA, there’ll be many disappointed Gen Zers. What would be most important would be to stop the collection of US TikTok user info by a company with Chinese ownership that can be used to the detriment of US citizens.

About the Author:

JD LeaSure, President / CEO, ComSec LLC

J.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com