What’s Going on at TikTok?

They say all press is good press, but scan any recent article about TikTok and the adage is called into question.

In recent months, TikTok has been the subject of global privacy concerns, blamed for mass gatherings in Hollywood mansions at the height of a global pandemic, and accused of housing problematic cultural appropriation. But as a major bid by several US companies to buy TikTok reaches its final days, the future of the app remains uncertain.

The threat of a nation-wide ban on TikTok by the Trump administration has shone a spotlight on security issues. But what are the risks, and where did those fears regarding TikTok and national security come from?

We take a look at the app’s rollercoaster of a year, and what’s in store for its future.

TikTok, the great equalizer

Available in over 150 countries and 75 languages, TikTok is ubiquitous across personal devices worldwide. Popular mostly among teenagers, the app has also been adopted by famous actors, doctors, chefs, teachers, and artists—just about anyone in any industry can find an audience on TikTok

With such a vast and varied user base, privacy concerns are bound to crop up, especially when that user base includes children, or government agencies with sensitive data on their devices. When it comes to the data stored by TikTok, should we be concerned about our privacy on a personal and national level?

Quick break for a history lesson

Founded in Shanghai and launched in Chinese and American markets as Musical.ly, the app gained millions of users within the first year (that number is now in the billions). In 2017, Musical.ly was acquired by ByteDance, a Chinese multinational internet technology company. ByteDance also owned TikTok, a video-sharing social platform founded in 2012. ByteDance merged the two apps, retaining users from both platforms, and kept the name TikTok.

Stoking security fears

The general public has certainly wisened up since our early days of using social media. What once seemed like a harmless communication tool has since undergone intense scrutiny for its role in sharing and selling our personal data. As Ian Thornton-Trump, the CISO of threat intelligence company Cyjax told Forbes, “Any free service is going to want to monetize the data it’s accumulating.” While Google, Instagram, and the many other platforms woven into our every-day are convenient tools, they all undoubtedly cost us a percentage of our privacy.

A user base as vast as TikTok’s becomes a target for cyber attacks, and TikTok confirmed it had privacy vulnerabilities (that have since been fixed) after a cybersecurity firm found weaknesses that would have allowed hackers to infiltrate users’ SMS. Though the problem was quickly resolved, latent fears of security threats remain.

Even worse for TikTok, cybersecurity experts have pointed to China-owned apps as potential national security threats. Under the China Internet Security Law, Chinese companies cannot refuse to share the data they collect from users with the Chinese Government if that data is requested. Cybersecurity experts turned their attention to China-owned photo apps, which may be able to collect biometric data from users. TikTok has likewise gone under the microscope.

Though TikTok’s parent company, ByteDance, is headquartered in Beijing, the international version which relaunched as TikTok in 2017 does not serve China. TikTok itself is led by an American CEO, and a spokesperson told CNBC in July of 2019 that TikTok “neither shares information with the Chinese government, nor operates in the country.” The spokesperson went on to say that user data is stored outside of China, and according to TikTok’s current privacy policy, personal data may be stored on servers in the US and Singapore, though the firm maintains “major servers around the world.”

Yet some of the policies surrounding user data are still vague. As the same CNBC report pointed out, TikTok’s privacy policy currently states that they may “share your information with a parent, subsidiary, or other affiliate of our corporate group.” Presumably, this would include TikTok parent company, ByteDance.

In December 2019, a resident of Palo Alto, California, filed a class-action lawsuit against the behemoth video app for allegedly sending her data to servers in China. The lawsuit claimed that TikTok’s vague privacy policies provided a loophole to collect personal information on its users including biometric data, which could be used to track and profile TikTok users in the US. The lawsuit cites a now-archived version of TikTok’s privacy policy, which said that user data could be stored in servers in China. No further information has been released regarding the lawsuit, however.

Where is the proof?

That’s the thing…there isn’t any proof that TikTok has sent any user data to the Chinese Government. Additionally, a CIA analyst told the White House that there is no evidence that the Chinese Government has ever accessed TikTok user data.

Critics fear the app’s vast dataset could allow a form of social engineering, not unlike Cambridge Analytica’s meddling in the 2016 Presidential election via Facebook. As Forbes writer Zak Doffman puts it, “That dataset, in the hands of an adversarial foreign government, is a risk—a very serious risk, in a world where social media is used to push propaganda out to users who tap those platforms as a primary source of news. When TikTok is described as a national security risk, that is essentially what those governments mean.”

Life without TikTok?

For many countries, as well as US Government agencies and corporations, the narrative surrounding TikTok as “Chinese spyware” (again, this has not been proven, only speculated by groups like Anonymous and by the Trump administration), is enough to call for a ban on the app. In mid-August of 2020, the President of the United States signed an executive order threatening to ban TikTok nationwide over national security concerns. The order will only go into effect if TikTok is not sold to a US company within 90 days from August 14th, and the sale is reportedly imminent. Several companies including Oracle have placed a bid, as well as Microsoft who recently partnered with Walmart on their bid.

But on August 28th, just as media outlets were expecting to announce a bid in the coming days if not hours, China updated their export-control rules, making a sale of TikTok to an American company more complicated. Under the new rules, ByteDance would need to be granted a special license in order to sell the company, which falls under what the government considers “sensitive technology.” An expert on Chinese economic policy told the New York Times that this move by China, “could be an effort to outright block the sale, or just raise the price, or attach conditions to it to give China leverage down the road.”

It can’t go unmentioned that just days before, on August 22nd, TikTok announced its plans to sue the Trump administration over the ban of the app in the US, stating that they have tried to come to a resolution over the United State’s privacy concerns in good faith, but have been met with “lack of due process as the Administration paid no attention to facts.” The administration has been met with criticism for the pending ban, which could be viewed as censorship, something the Chinese government is often accused of.

Fears on a global scale

In 2019, after a warning from the Department of Defense, the U.S. military banned TikTok on government-issued devices, though it previously used the app as a recruitment tool. Staffers for Joe Biden’s presidential campaign were likewise instructed to remove the app from their personal and work devices, and Wells Fargo instructed employees to remove the app from work devices. Amazon allegedly told their employees to do the same, then quickly stated that their policies surrounding the app had never changed. The United States is not the only country to express concerns surrounding TikTok or to issue regulations. India issued a nationwide ban on the app, and Japan has at least considered following suit.

What would happen to user data in a sale?

Though not guaranteed, especially given China’s new restrictions on technological exports, TikTok could be sold to a US-based company like Microsoft. According to Forbes, Microsoft would ensure that “all private data of TikTok’s American users is transferred to and remains in the U.S. To the extent that any such data is currently stored or backed-up outside the United States, Microsoft would ensure that this data is deleted from servers outside the country after it is transferred.” This, of course, only applies to American users, and as we know, TikTok is an international company with users all over the world.

Regardless of what the future has in store for TikTok, government surveillance is not unique to countries like China. In the land of social media, TikTok is not unique in its collection of user data. If we value our privacy, we must stay vigilant and understand the risks of giving apps like TikTok permission to access our personal information.

    Dashlane

    Dashlane gives everyone who uses the internet a simple way to live savvier online. Generate strong, randomized passwords for every account, and autofill logins, personal info, and payment details instantly—without compromising your data security. Dashlane works across devices on every major operating system and browser, making the internet safer and easier to navigate at home, at work, and on the go.

    Read More