If you follow tech news, you might have seen a few mentions recently about TikTok’s security issues. A social media platform popular with Gen Z (people born between 1995 and 2015), TikTok features short, user-generated videos that can be edited and shared within the app or to other social media sites. (We actually posted about TikTok back in November, where we discussed it’s viability as a digital marketing platform, and you can get a more complete description of the app there.)
TikTok made a splash on the social media scene, racking up 1.5 billion downloads in its first year. For perspective, that equates to 1 in 5 people globally having downloaded this app.
But last fall, lawmakers began raising concerns about potential TikTok security issues. Owned by a Chinese company called ByteDance, the app has been criticized for censoring content critical of the Chinese government, even going so far as to ban American users who criticized China’s treatment of the Uighurs, a Muslim minority group being held in Chinese detention centers. The app has also been suspected of suppressing content related to the ongoing anti-government protests in Hong Kong.
Security experts have also raised alarms about the type of personal information the app gathers from users and how much of that data is being turned over to the Chinese government. While ByteDance claims data from American users is housed on servers in Virginia and Singapore, the Chinese government has been pressuring the company to comply with a 2017 national intelligence law that requires companies to turn over information to the government for intelligence gathering operations.
What Kind Of Data Is TikTok Gathering?
As with any social media app, it’s difficult to know what data TikTok gathers and how that data is used. It’s generally accepted that TikTok gathers standard information like users’ phone and social network contacts, email addresses, IP address, and location. It’s also been shown that the app gathers biometric data from close-up shots of faces.
Some of this information gathering is consented to when users agree to the app’s terms and conditions, however, users have been surprised by some of the data that has been collected from them and where that data ended up. For instance, Misty Hong, a college student, claims that she downloaded TikTok, but never created an account. She later discovered the app had created one for her. She then created a few short videos on the app, but never published them. Nevertheless, the videos were sent to servers in China without her knowledge. Last November, Hong filed a lawsuit against ByteDance in her home state of California, which became a class action suit as more users came forward with similar stories.
Before Hong’s lawsuit, TikTok came under fire back in February 2019 for its treatment of minors. According to the FTC, who filed a complaint in United States District Court, the app had been gathering data on users under the age of 13. When parents became concerned, they found there was no in-app option to delete their children’s accounts, forcing them to contact TikTok directly. Although TikTok did close these accounts, it was later found they retained the data from these accounts unbeknownst to the parents. TikTok has also been accused of failing to protect minors on their platform by exposing minors’ approximate location to other online users and by instructing users under the age of 13 to change their profile to indicate their account was managed by an adult or guardian even when there was no evidence of adult involvement.
This past June, TikTok was criticized for accessing users’ clipboards on their phone. (This is the location where “copied” information such as a URL is temporarily stored before it is pasted elsewhere.) ByteDance claims this function was intended to prevent spam posting on videos, but many users were skeptical of this claim. It has since announced it will discontinue this function.
How Serious Are The Problems With TikTok’s Security?
Whether or not TikTok users are concerned with privacy issues in the app, the U.S. government is. All three branches of the military, the Coast Guard, and the TSA have banned the use of TikTok on government-issued phones because of concerns over what data might be gathered on soldiers and how that data might be used. And just this month, President Trump announced his administration would consider banning the app, with many other leaders from both sides of the aisle supporting an investigation into TikTok’s security practices, as well as its parent company’s data collection.
Many employers have also become concerned. In July, Amazon released an internal memo asking employees to delete the app, fearing it might be accessing work-related emails on employees’ phones. While Amazon retracted the request, Wells Fargo also asked employees to delete the app, citing similar concerns.
Are These Actual Threats To Personal And National Security, Or General Fears Of China?
It’s difficult to know what information any social media app gathers, how they use that data, and how they might use that data in the future. TikTok is not unique in that sense. Facebook has been embroiled in a (very, very) long series of scandals, the best-known of which involved Cambridge Analytica. YouTube has had its own issues with failure to protect children who use its platform, and Instagram allowed Ad Partners to track users’ data. The list of privacy violations goes on and on with seemingly no platform immune. The question is, have TikTok’s security violations been somehow different or more egregious?
Faisal Kahn, publishing on Medium, argues they haven’t. He points out that Check Point made TikTok aware of its vulnerabilities on November 20, 2019 and TikTok had resolved the issues by December 15, 2019, showing an eagerness to resolve a problem common in apps with explosive popularity. Similarly, an investigation by Buzzfeed News revealed that TikTok has not been censoring content that might be offensive to the Chinese government, such as content related to the ongoing protests in Hong Kong. And according to an interview between the Washington Post’s Geoffrey Fowler and Patrick Jackson of privacy company Disconnect, “TikTok doesn’t appear to grab any more personal information than Facebook. That’s still an appalling amount of data to mine about the lives of Americans. But there’s scant evidence that TikTok is sharing our data with China.” So why the panic over TikTok?
According to experts like Zak Doffman, the real problem with TikTok is it’s “the first and only Chinese social media app that has managed to compete head to head with the U.S. giants that lead the market.” The idea that China, a country heavily invested in censorship and surveillance, might be gaining a foothold in the internet raises alarms over how those values might impact internet usage for the western world.
Russell Brandom of The Verge agrees, writing, “it’s not clear TikTok is doing anything out of the ordinary. The app does collect a lot of data, and a lot of it for no clear purpose, whether that’s keystroke data, background location, or other apps installed on your phone. But that kind of data collection is depressingly common. …If TikTok is different, it’s because of China.”
The Power Of Demographic Data In The Age Of Fake News
Much of the public ire over Facebook’s Cambridge Analytica scandal was not because Facebook collected the data (we had known they were doing this for years), or that it allowed a third party to access that data (again, Facebook had done this before). But the public’s perception that Facebook allowed parties to use this data to influence the outcome of a presidential election was beyond the pale.
Zak Doffman, while largely dismissing concerns over TikTok’s security issues, admits that the app’s massive trove of data could be leveraged in similar ways. When broken into datasets by country, city, or demographic groups, the data provides powerful insights ripe for exploitation. “That dataset,” he writes, “in the hands of an adversarial foreign government, is a risk—a very serious risk, in a world where social media is used to push propaganda out to users who tap those platforms as a primary source of news. When TikTok is described as a national security risk, that is essentially what those governments mean.”
He’s not alone in this perspective. After violence recently broke out between China and India in a disputed area of their shared border, India banned a number of Chinese apps, citing them as threats to sovereignty and security. This is partly a move to damage Chinese tech companies, who have been enjoying great economic growth—particularly in India, which, coincidentally, is TikTok’s largest overseas market. However, should violence increase, data harvested from the many immensely popular Chinese apps in India would provide a detailed demographic overview of India, while the apps themselves would be an ideal feed for propaganda.
And this brings us back to China’s 2017 national intelligence laws and questions over the extent of its reach into companies like ByteDance.
Given TikTok’s Security Problems, Should I Just Delete The App?
There’s no easy answer here. Whatever your opinion of TikTok’s security issues, those same issues are likely happening in other apps on your devices. Since deleting all apps and returning to “dumb” phones isn’t an appealing solution to most people, the answer might ultimately be a personal one: Who are you willing to risk trusting? Do you believe Apple is more principled than Google? That Facebook is more ethical than China?
It’s becoming increasingly impractical to live without exchanging personal data through the internet, whether that’s through apps we download willingly or apps we use when we visit the doctor and sign in using a tablet, pay our rent electronically to avoid a service fee, or complete online job applications for companies that no long accept paper applications. In a world where we are compelled to participate in data exchange, data breaches and identity theft are the cost of participation in society.
But all is not lost. As the threat to our personal data grows, so does the market for products and services for protecting ourselves. Identity theft protection companies offer help in securing and recovering your identity if it’s stolen. If you’re worried about the cost of this protection, some banks and insurance companies now allow you to bundle this protection along with your auto insurance and renters or homeowners insurance for a discount. Often, the cost is low and the service will provide monthly updates on your credit score and other financial and government accounts linked to your identity.
Similarly, sites like Have I Been Pwned and Breach Alarm allow you to check whether your personal information has been compromised in major data breaches. And as we’ve written before, managing your online presence is another factor in protecting yourself.
Another option you can try is limiting the app’s permissions. On Android devices, open your Settings Menu > Apps > App Permissions > TikTok. On iPhones, go to Settings > Privacy > TikTok. From here, you should be able to control what areas of your phone and what files the app is able to access or control. This will not solve all of TikTok’s security problems, but it may help you limit some of the information the app snags.
If you’re concerned about protecting your business from data theft, know that TracSoft has your back. We offer outstanding network security, along with 24/7 monitoring and multi-factor authentication for layers of protection. Contact TracSoft today to start building a custom security plan for your company.