The wildly popular video-sharing app TikTok is facing a potential ban in the US and among employees of several major companies over security concerns.
What does that mean for you? Should you delete TikTok from your device? Here’s what you need to know.
What is TikTok?
TikTok is a video-sharing app similar to Snapchat and Instagram that lets users post clips that are 15 to 60 seconds long, usually set to music or a film dialogue. Videos can be “liked”, searched via hashtags and shared with others.
Where does it come from?
TikTok started as Musical.ly, which rose in popularity as a lip sync app. The Chinese company ByteDance bought the app in 2018 and relaunched it with additional features.
Since then, it has exploded in popularity, becoming the most downloaded app globally in the first quarter of 2020. Overall it has been downloaded roughly 2bn times and its user base is young, with 41% between 16 and 24.
So what’s the problem?
The concerns are threefold. Because TikTok’s parent company ByteDance is based in China there are fears the company may share user data with the Chinese government, whether intentionally through data requests or unintentionally through surveillance software.
There are general privacy concerns about how much data TikTok collects from user devices. “The fear is that the information in TikTok could provide more details than intended about people’s whereabouts or what they are up to,” said Chris Morales, head of security analytics at the cybersecurity firm Vectra. “You could in theory track someone to a location, such as a military base or government installation.”
And there are concerns over TikTok’s code, with experts worrying that it could allow privacy and security breaches. TikTok patched several major flaws, including one found in January 2020 that would allow an attacker to control someone else’s account, upload unauthorized videos, make private videos public and delete existing videos.
Are these legitimate concerns?
TikTok does collect a significant amount of user data, research shows. To sign up, users must provide their email, phone number and a link to another social media account. The app itself requires permissions to user location, audio and camera recordings, and contacts, according to a study by the San Francisco-based mobile cybersecurity firm Lookout.
That’s more data than companies like Twitter and Facebook collect. Together, the information could easily be used to identify and track the actions of specific people that use the application, said Hank Schless, Lookout’s manager of security solutions. “The fact that TikTok is owned by a Chinese company makes it a legitimate security concern,” Schless added.
China is far more aggressive than other governments in compelling companies to share information, and ByteDance, TikTok’s parent company, has worked with local police forces in Xinjiang, where Beijing is accused of detaining an estimated 1 million people belonging to religious minorities in re-education camps and prisons, according to a 2019 report from the Australian Strategic Policy Institute (ASPI). The company has an active role in “disseminating the party-state’s propaganda on Xinjiang”, the report reads.
TikTok has denied it shares information with the Chinese government and has distanced itself from ByteDance, hiring the California-based former Disney executive Kevin Mayer as chief executive officer in May.
“From our understanding and our analysis it seems that TikTok does an excessive amount of tracking on its users, and that the data collected is partially if not fully stored on Chinese servers with the ISP Alibaba,” the Penetrum report said.
What if I don’t care about my privacy?
Other problems include moderation and how it is influenced by social and political norms in China. TikTok moderators were guided to censor videos that mentioned Tiananmen Square, Tibetan independence and the banned religious group Falun Gong, the Guardian found in September 2019.
Moderators were also told to suppress videos from users who appeared too ugly, poor or disabled, according to a March report from the Intercept, and to delete videos that showed protests in Hong Kong.
Who has banned TikTok?
Wells Fargo on Monday announced it would require its employees to uninstall TikTok. Amazon told employees to do the same last week, but walked back that decision claiming the instructions were sent in error.
India’s government banned TikTok and 50 other China-based apps in June, calling them a “threat to sovereignty and integrity”. Last week, the US secretary of state, Mike Pompeo, said the Trump administration was “looking at” banning the app in the US, citing similar reasons.
The US army and navy instructed service members to delete the app from military devices in December. And in March, two Republican senators introduced legislation that would prohibit federal employees from using TikTok on government-issued work phones.
The US and India each have a complicated relationships with China, with Washington and Beijing locked in a years-long trade war that shows few signs of letting up. In 2019, the Trump administration banned products from the Chinese firm Huawei from the US and just this week threatened sanctions against employees of the company.
Meanwhile, India’s ban on TikTok came after a violent confrontation between Indian and Chinese troops.
“This is the perfect storm of technology meeting geopolitical rivalry,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These kinds of things are being used as bargaining tactics in geopolitical trade negotiation.”
TikTok did not respond to a request for comment.
guardian.co.uk © Guardian News & Media Limited 2010