Is TikTok a Security Threat?

Congress seems poised to either ban TikTok from US app stores, or force the Chinese-based ByteDance to sell to an American company. But, why? What are the main concerns, and do they mean you can’t use the app yourself? In short, it’s complicated. On the surface, TikTok isn’t any more of a privacy and security offender than any other major
March 28, 2023
 / 
meritsolutions
 / 
Image

Congress seems poised to either ban TikTok from US app stores, or force the Chinese-based ByteDance to sell to an American company. But, why? What are the main concerns, and do they mean you can’t use the app yourself?

In short, it’s complicated. On the surface, TikTok isn’t any more of a privacy and security offender than any other major social media app available on your iPhone or Android. Like other social media apps, TikTok takes data you provide, such as your contacts, location, browsing history, financial info, and even your activity from other apps and websites if you allow it. The app also monitors your activity on the app, especially when it comes to how you interact with videos, in order to serve you more relevant content in the future.

Much of this data collection is no different than you’d find on apps like Facebook and Instagram. It’s not necessarily a good thing, and in many ways, this data collection is concerning, but it’s concerning for all of the apps out there, and there should be better laws in place protecting our data en masse.

However, there are two major complications with TikTok is. The first is the number of users on the platform: The company claims to have 150 million active American users on the app, a huge percentage of the country. This in and of itself wouldn’t be enough to raise alarm bells, however. It’s who can see that treasure trove of American data.

Unlike companies like Facebook, it is owned by a Chinese-based company called ByteDance. Under Chinese law, ByteDance must hand over its user data to the government whenever requested in the name of national security, which poses an issue: If ByteDance has the data of US citizens, can the Chinese government see and use this data at will?

Late last year, the company admitted that some of its employees had used data from US citizens, including IP addresses, to spy on them. These employees were concerned about internal ByteDance information leaking to journalists, and were trying to figure out who was responsible. They were able to do this with data obtained by TikTok through normal use, and could track locations using those IP addresses.

While ByteDance has since fired the employees who abused the data in this way, and there was no indication the Chinese government was involved, the implications are concerning. Still, there is no public evidence that your TikTok data is currently being used by a foreign entity. It’s the idea that they can access your data that has Congress (and many security experts) on edge. It’s also why many government officials are no longer allowed to have the app installed on work devices. The implications are too risky to conduct government business with such an app present.

As for your own use, you could choose to play it safe, and keep the app off your phone entirely. If you decide to join in on the fun like so many millions of Americans, you won’t be hacked or spied on (granted you aren’t affiliated with ByteDance and malicious activities). But it’s good to keep in the mind the concerns. This isn’t your average app.

Photo by Solen Feyissa on Unsplash

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.