If you’re a nonentity looking for attention, no app is better than TikTok. If conditions are right, even the most disturbed person can have their moment in the sun. TikTok advocates may think this is fine, but parents don’t always agree. Parents complain of TikToks addictive nature, but they’ve been complaining about addictive apps every time a new one surges to the top of the charts. Let’s face it, some people have addictive personalities and everyone becomes addicted to something sometime. The reason TikTok is addictive is the same way YouTube is addictive. It suggests other videos or content that a person may be interested in, leading them into a time-killing maze. Yes, it is possible that this maze, especially on TikTok, may lead to forbidden areas.
But this post won’t concern itself with the mechanics of TikTok or its potentially addictive properties. Let others argue that. I’m particularly concerned with another aspect of TikTok and that is the fact that it is the only Chinese social network app that is in widespread use throughout the West and all of the world, for that matter.
This fact brings into focus the question of whether or not it is being used as an information gathering tool by the Chinese government. To those not savvy about cybersecurity matters, this idea may seem farfetched. Those of us who’ve followed Chinese government-affiliated hackers and their activities for years know that this is a possibility that can’t be discounted.
Warnings of the link between TikTok and the Chinese government are nothing new. President Trump threatened to ban the app in 2020 if its Chinese owner, ByteDance, didn’t sell it to a U.S. investor. And there were, in fact, interested investors. But just as it seemed a sale was eminent, the Chinese government stepped in and said that ByteDance would not be allowed to sell off any parts of its company without a review by the Chinese government. They didn’t want to risk losing the AI algorithms being used by the app. A fight then ensued between TikTok and the Trump government as to whether Trump had the authority to ban the app. The battle was distinctly political with those supporting TikTok being linked to anti-Trump sentiments due to an incident concerning a Trump rally that was undermined by so-called TikTok Grandma, Mary Jo Laupp. Laupp was later hired to work with the Biden campaign.
To no one’s surprise, President Biden lifted all bans on TikTok in June of 2020. However, one year later, after investigating the company, Jim Lewis, a strategic technologies researcher at the Center for Strategic and International Studies (CSIS) concluded that. “if the Chinese government wants to look at the data that ByteDance is collecting, they can do so, and no one can say anything about it.” This has since been disputed by TikTok. But recently, information emerged that TikTok employees in China were, accessing U.S. data connected to TikTok users. This revelation led FCC Commissioner Brendan Carr to call for Google and Apple to remove TikTok from their app stores.
This alarm is likely to go unnoticed by both these app stores for the simple reason that TikTok is this year’s number one most downloaded app.
But the evidence that TikTok data is being given to the Chinese government through ByteDance is compelling. This evidence came in the form of leaks from people within the company. These leaks, consisted of “audio from more than 80 internal TikTok meetings” which contained “14 statements from nine different TikTok employees”. They were received and reported on by Buzzfeed.
The Chinese government has laws in place that allow it to look at any communications that take place in China. Thus, any information that ByteDance receives from the U.S. is available to the Chinese government. In response to such suggestions, TikTok CEO, Shou Zi Chew, wrote, “the Chinese government does not directly or indirectly have the right to appoint board members or otherwise have specific rights with respect to any ByteDance entity within the chain of ownership or control over the TikTok entity.” However, “as would be expected of any global company with subsidiaries, ByteDance plays a role in the hiring of key personnel at TikTok.” Maybe I’m overly paranoid but controlling who has the top positions at a company like TikTok could be problematic, especially if that person has been approved by the Chinese government. TikTok admits that it has acceded to government requests for information, as seen in the graph below.
Somewhat suspiciously, in my opinion, they claim that no requests came from China. That may simply mean that China would not need to request data that it already has permission to access. Putting everything on a U.S. server means nothing if someone in the Chinese government has access to that data or has someone who will act as a proxy to harvest and export the data. I’m not saying this is happening, but I am saying it is ludicrous to suppose that ByteDance would dare to enter a battle with the Chinese government if the government claimed they needed access to TikTok data for national security reasons.
Keep in mind that there is no TikTok in China. In China, it has an evil twin named, Douyin.
Douyin has collected massive amounts of data on Chinese users for years. This data can be used for marketing or surveillance purposes. Carr asserts that “TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints—which researchers have said might be used in unrelated facial recognition technology—and voiceprints. It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard.”
Personal information is usually harvested by social media firms to make money through marketing. That would not be the goal of the Chinese government. It is more likely that they would use the platform to influence public thought. This could easily be done by tweaking the algorithm that presents suggestions to users. They could lead them away from sensitive topics like the Uyghurs, Taiwan, or the occupation of Hong Kong and towards posts which present positive aspects of China. There may even be political candidates in the U.S. that they could support in this way. In other words, it is marketing for political gain.
The other dangerous use of TikTok information would be in targeting companies for information stealing. They would do this by harvesting information through TikTok on employees working for companies that they are particularly interested in. This would allow them to spearphish the employee to begin a cyberattack on the company. Such a well-crafted attack on a company network endpoint would allow hackers working for the Chinese government to penetrate the network and move through it, gaining administrative privileges along the way. In so doing, they would be able to access the company secrets that they want to take for their own use.
But, in the end, I don’t think TikTok users need to worry. It is unlikely that these apps will be banned on either Google Play or the Apple App Store. Besides, half of all Americans already have the app and there will be no ban on using it in any way they like. So, don’t worry. People will continue making cringeworthy videos for no particular reason. However, companies who believe in protecting their sensitive data should consider banning their employees from using the app or take alternative cybersecurity measures. In the end, China is getting your data, but there’s no reason to make it easy for them.