Is TikTok a security threat? It’s complicated.6 min read
TikTok is one of the hottest apps on the planet among teens and social media addicts. But the app, owned by China’s ByteDance, is under ever-increasing scrutiny from U.S. government officials, including President Trump and Secretary of State Mike Pompeo, who are threatening to ban it, claiming the app is a national security threat.
According to researchers, however, the fear of TikTok being used for some form of espionage is directly tied to the growing geopolitical tensions between the U.S. and China. It’s not that the app collects any more information than contemporaries like Facebook, experts say, but rather that TikTok has ties to China.
“I Think TikTok has been doing a lot of things very, very, very quickly to try to establish that it’s safe for Americans to use,” explained U.C. Berkeley professor Steven Weber, faculty director for the Berkeley Center for Long Term Cybersecurity. “In this political environment between the United States and China, you’re guilty until proven innocent if you’re a Chinese company.”
No available evidence of spying
That data, the company says, is used to improve TikTok itself, as well as serve up targeted ads, the exact reason apps like Facebook (FB) collect user information. So far, there has been no evidence made available pointing to TikTok abusing user data to spy on Americans.
TikTok is the U.S. subsidiary of China’s ByteDance, which operates a similar app in Mainland China called Douyin. But TikTok’s headquarters is in the U.S. and the company has an American CEO in former Disney executive Kevin Mayer.
TikTok, like its social media peers, also indicates on its website that it complies with U.S. laws with respect to subpoenas and court orders, and may share user data with law enforcement under such circumstances.
“So it isn’t so much that the U.S. is saying ‘Oh my gosh, I can’t believe anyone would let an app do this terrible terrible thing!’ It’s that you’re in bed with the Chinese not the Americans,” explained NYU Tandon School of Engineering professor Justin Cappos.
It’s that fact that raises the specter of xenophobia as the cause of the U.S. crackdown on Chinese-based tech companies.
TikTok’s problematic past
TikTok isn’t without its flaws, though. In 2019, the company reached a $5.7 million settlement with the Federal Trade Commission over accusations that it violated the Children’s Online Privacy Protection Act, by collecting user information from children under the age of 13.
The app, along with more than 50 others including ABC News, Classic Bejeweled, Fruit Ninja, and The New York Times, was also recently caught copying data from users’ Apple (AAPL) iPhone clipboards.
The revelations came as a result of a new feature in Apple’s iOS 14 beta, which alerts users when an app is copying information from the clipboard. TikTok claims it was copying the data as part of a security measure to prevent spammers on the social network, and said it submitted an app update to Apple’s App Store that removed the copying behavior.
But TikTok, and other apps, was initially called out about the practice in March by security researchers who uncovered the clipboard behavior. At that point, TikTok told The Telegraph that it would stop the behavior, but the iOS 14 beta showed that wasn’t the case.
The company has also been criticized for censoring content that mentions topics that would anger the Chinese government including the Tiananmen Square Massacre and Tibetain independence. According to documents obtained by The Guardian, TikTok’s policy was to make posts on such topics visible only to the users who posted them, ensuring they didn’t reach a broader audience.
TikTok responded to the September 2019 report, saying that those policies were outdated and were meant to minimize conflict on the platform at the time.
The controversy echoes similar criticisms of Zoom (ZM), which has been accused of silencing voices critical of China by suspending the accounts of activists outside of the U.S. who were commemorating Tiananmen Square.
Zoom founder and CEO Eric Yuan is Chinese-American, and the company has a server in China. The video chatting service faced blowback earlier this year when it was determined that some of its video chats were being piped through servers in China. The fear, at the time, was that the Chinese government would be able to gain access to those chats, exposing dissidents to damaging repercussions in the country.
Huawei, the Chinese electronics conglomerate, has also come under intense scrutiny from U.S. lawmakers who say that it has the capability to spy on consumers and government officials via its data networks. The U.S. is currently engaged in a global campaign to have allies remove Huawei equipment from its cellular networks. The U.K. recently announced that it would do so by 2027.
The fear of future exploitation
But TikTok is an app that’s largely used by teens posting lip syncing and dance videos. What kind of threat could that pose to national security?
According to Weber, the fear isn’t so much what TikTok could do with data now, but what could be done with data in the future.
“Let’s say you had a really big data set about Americans that covered lots of different activities in their lives, where they grew up, where they were born, what kind of things they like to watch on YouTube, and on and on and on,” he explained.
If Chinese data scientists were able to look at students at schools like U.C. Berkeley, where Weber works, Chinese intelligence officials may be able to determine which of those students would eventually work in the U.S. government.
“Now you think about that, and you say to yourself wouldn’t it be cool, from a data scientist perspective, if I could assign a probability score to every 18-year-old incoming freshman coming to the University of California Berkeley,” Weber explained. “And then, before they even know what their career paths are likely to be, put some of my resources and assets into trying to compromise them early on in their careers.”
NYU’s Cappos offered a similar explanation of the potential future threat posed by TikTok’s trove of user data.
Currently, U.S. government entities and businesses continue to block TikTok from their devices.
The app has been banned from use on government-issued devices by every branch of the military and Transportation Safety Administration. On July 11, both the Republican National Committee and Democratic National Committee also advised their members not to download TikTok on their personal devices, CNN reported.
It’s not just government and political organizations pushing back against the app. On July 10, Amazon (AMZN) issued a memo to employees telling them to delete the app from their devices, before retracting the note, saying it was sent in error. And on Monday, Wells Fargo (WFC) told employees to delete the app from their devices, according to The Information.
So where does that leave the average person?
For experts like Professor Dave Levin of the Maryland Cybersecurity Center at the University of Maryland, any kind of data sharing with social apps is a concern, regardless of where the company vacuuming it up is based.
“I have not seen any concrete evidence that indicates data sharing with the Chinese government [and TikTok],” he told Yahoo Finance. “I haven’t seen any evidence that there are massive security flaws.”
But, Levin explained, as with any social media company, there’s no telling where your user data could end up.
Got a tip? Email Daniel Howley at [email protected] over via encrypted mail at [email protected], and follow him on Twitter at @DanielHowley.
More from Dan:
Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, SmartNews, LinkedIn, YouTube, and reddit