Quarantine was difficult for a lot of people, but many found comfort in watching or making videos on the new social media platform TikTok. While the application came to the United States specifically in August of 2018, it was not a well-known phenomenon until we were all stuck at home with limited access to the outside, social world.
Because of this, the app has gained an estimated 65 million users just within the U.S. and because of this, there has been much debate and speculation over whether or not the app implements efficient security measures. Many worry it allows people to have access to your information, specifically people from China seeing as the app was created and is owned by ByteDance in Beijing.
Studies have exemplified the security risks of using this application. According to the Center for Internet Security, not only does it gather information from the app even if the user neither posted or saved videos, but it poses risks to your device
brand and model, Operating System (OS) version, mobile carrier, browsing history, app and file names and types, keystroke patterns or rhythms, wireless connections, and geolocation.
Other researches have made valid points as well, pointing out that this platform is like any other, in that once something is posted publicly, it is accessible by anyone. TikTok’s policies for user privacy are pretty self-explanatory. One must be 13 years of age or older in order to sign up. The sign-up process asks for a valid phone number or email address, which are not shown on profiles, and date of birth, like many other social media networks. However, it does not request any residency questions, i.e. city, state or country. By default, accounts are set as public, however, this can be changed to private in account settings. All of these measures are implemented in most popular social media platforms as well.
In relation to hackers, in general, most accounts can be targeted and hacked no matter the platform. Some apps are easier to target however, and many have tried to prove TikTok’s security weaknesses. Those who target the platform are typically lawmakers and regulators who are skeptical of Chinese technologies, and the focus heavily on the vulnerabilities of the application. These include weak HTTP connection allowing manipulation or interception of content through slow content delivery and security vulnerabilities allowing hackers to manipulate content, delete videos and reveal personal information. Since these, TikTok has addressed each weakness and worked to solve each case.
Another major concern, made apparent due to a viral Facebook post made by a manager at Verizon, is that child traffickers use TikTok ‘extensively.’ The app has even been named to the 2020 dirty dozen list made by the National Center on Sexual Exploitation for reasons including the unpopular default public account setting as well as disapproval for the app’s reporting systems for sexually explicit content. However, the platform does in fact have multiple in-app reporting options for multiple discrepancies including nudity and pornography. In the community guidelines as well, there is a statement prohibiting the posting or gratification of sexually explicit content. Those who do not follow the guidelines find their posts removed. Of course, not everyone will abide by these rules and so this sort of content is still found on the application. There has been no hard evidence, as of now, to prove that the app is being used for child trafficking.
There are many Americans who are skeptical of China, Chinese companies, and Chinese apps. Because of this, it has been reported that ByteDance has a kindly relationship with the Chinese government. And according to threatpost.com, user information and data is stored on servers in China. This information, true or false, frightens many.
However, TikTok has repeatedly stated that it stores all of its data on servers in the United States, with backups in Singapore. In an interview with the global Chief Security Officer for ByteDance, Roland Cloutier, he made a point to address this concern by stating that TikTok is not even used in China, so the government there has no jurisdiction over it. The user data would go through the U.S. government because the servers are also based there. Cloutier said, “we simply don’t share data with governments, including the Chinese government.”
Despite concerns over account and data security, the app is very politically judged. It is known that the relations between the United States and China have been tense at best recently, but it has been made clear of the president’s distrust of the Chinese government. President Donald Trump, known for his apprehensions relating to Chinese content, previously signed two executive orders issuing the ban of downloading TikTok in August due to “national-security concerns” over China-based applications. The case has been brought to court twice, losing both times. On December 7, a federal judge fully blocked the Trump administration’s attempts to ban TikTok in the United States on the grounds that the White House does not have the authority to prohibit personal communications. They were not the first judge to make this point. This is to say that, while you are free to use whatever applications you like, make sure that you are aware of the possible security threats they can pose.
President Trump, however, has made comments promoting U.S. companies buying out TikTok. There have been multiple companies that have bid on the app including Microsoft, in conjunction with Walmart, and Oracle. The company reached an agreement with Oracle (12.5%) and Walmart (7.5%) in September to sell significant ownership to them, 20 percent in the firm in total. This would allow the American Software Company to be in charge of all U.S. user data if the deal goes through. The Trump Administration has approved a deal where the American company will have total control over the app and its data, similarly the president has suggested that the U.S. treasury would get a “substantial cut” of any deal. The administration has pushed back the deadlines multiples times for the sale. On the other side of this, China has accused the U.S. of targeting the app for geopolitical reasons, calling the forced sale state-sanctioned robbery.
Individuals are not the only ones distrustful of the app. There are many companies that have expressed their concerns. Some go as far as to ban their employees from using it. Wells Fargo, for example, has said that it has banned its workforce from using TikTok on company devices. Amazon has also made a similar announcement. Other companies such as Twitter, venture capitalists, tech journalists, and China watchers are all watching to decide whether or not it poses as big of a threat as the government has made it out to be. Seeing as there has been no hard evidence proving that TikTok’s data collection practices are any harsher than other social media apps, it is difficult to say whether or not one should or shouldn’t use the platform. There are many ongoing investigations into the app, the company, and its security practices.
Despite claims to TikTok’s innocence or guilt, it is still an online platform with an individual’s personal information. Whatever you personally believe about the application, make sure you are taking the right precautions when signing up for new online and social media accounts. No matter the platform’s policies or security, hackers are also still a major concern. Make sure to stay updated on the latest information regarding account security.
Sources
https://www.cisecurity.org/blog/why-tiktok-is-the-latest-security-threat/
https://www.usatoday.com/story/news/factcheck/2020/05/18/fact-check-tiktok-security-threat-used-hackers-traffickers/3120617001/
https://www.npr.org/2020/12/07/944039053/u-s-judge-halts-trumps-tiktok-ban-the-2nd-court-to-fully-block-the-action
https://threatpost.com/tik-tok-ban-security-experts-dangers/159362/
https://www.businessinsider.com/bytedance-security-chief-tiktok-data-stored-us-safe-from-china-2020-8#:~:text=TikTok%20has%20repeatedly%20said%20it,app%20a%20national%20security%20threat.
https://www.wired.com/story/tiktok-ban-us-national-security-risk/#:~:text=Critics%20say%20that%20TikTok's%20massive,the%20app%20from%20their%20devices.