United States Cybersecurity Magazine

ProcessBolt
TikTok

TikTok Ban Results in Oracle Deal After Security Concerns

TikTok is a fast-growing, video-based social media service that has undergone intense scrutiny for being owned by a Beijing-based company called ByteDance. These concerns revolve around both their relationship to China and their access to our data. Though it ranks among the most popular apps in the world, India was one of the first countries to ban it along with other Chinese apps. In addition, various companies, notably including Wells Fargo, have made it a policy to forbid employees from using TikTok.

However, the conversation escalated on September 15, 2020, when President Trump framed TikTok as a threat to security. He gave China a 45-day ultimatum to sell the app to an American company or suffer the traffic loss that would occur by effectively banning the app in the United States.

On September 19, 2020, TikTok users around the country received a notification informing them that TikTok, though still up and running, would no longer be available in the App store. Some people laud the decision, claiming that TikTok is a danger to Americans. On the other hand, many deride the decision, claiming that banning apps is a dangerous precedent to set. Other users simply resent that they are losing an app that gives them joy during a pandemic.

Why TikTok? What’s the Deal?

The controversy surrounding TikTok is largely associated with President Trump. However, the first concerns about the app’s ties to China predate the President’s statements. Indeed, the concerns started with an investigation run by the Peterson Institute for International Economics. This report stated that the U.S. had been ignoring clear risks to our security. They cite that the biometric data, images, and locations the app mines could theoretically be shared with the Chinese government. The report claims that TikTok essentially can be leveraged as a Chinese surveillance software to extract Western military intelligence.

TikTok’s parent company, ByteDance, released a statement on October 24, 2019, saying that “Our data centers are located entirely outside of China, and none of our data is subject to Chinese law”. However, TikTok’s privacy policy previously had a statement warning users that they could plausibly share information with Chinese authorities if they are legally required to do so. This is a precedent that has already been set within America. Quartz published a report for the U.S. law enforcement data requests to various apps and the success rates from January 2015 to June 2015. Of the 17,577 requests for user data, Facebook complied with 80% of requests. Of the 12,002 requests for user data, Google complied with 78%.

As a result of these concerns, in October 2019, Marco Rubio asked that the Committee on Foreign Investments in the United States (CFIUS) investigate TikTok. In July of 2020, the United States Department of Treasury admitted CFIUS launched an investigation into TikTok. This came very quickly after Mike Pompeo announced the proposed “ban on TikTok“.

Is TikTok a Cybersecurity Risk?

TikTok, like any social media site, has had a problematic past regarding user data. In 2019, TikTok had to settle out of court with the Federal Trade Commission (FTC) due to accusations that they were collecting user information from kids under the age of 13. Another report from last month showed that TikTok was accessing user clipboards to save what people copy and paste. ByteDance claims this was a now defunct anti-spam measure.

These are valid concerns, though many argue that the security sins of TikTok are not worse than other apps like Facebook and Instagram. But this does not dispel security concerns, it only raises additional concerns about social media data privacy across the board. In its privacy policy, TikTok claims that it collects usage info, IP addresses, user’s mobile network carrier, unique device identifiers, keystroke patterns, location, and “other data”.

Is TikTok Giving Our Data to the Chinese Government?

There is no explicit proof that TikTok is a Chinese surveillance tool. However, there is proof that the app gathers more data than the average user would be comfortable with. In fact, TikTok likely gives larger data sets than most social media sites. This is due to the visual nature of the app. The entire premise of TikTok is taking videos of yourself, often lip-syncing a song. By actively using the app, you are divulging your likes, dislikes, consumer habits, locations, and patterns of life.

The Executive Order on Addressing the Threat Posed by TikTok addresses the mining of these data points, stating that the data collection processes may potentially allow “…China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”

Other issues that TikTok users are vulnerable to include addiction, misinformation campaigns, and cyberbullying. Many users are additionally young and vulnerable to the dangers that face kids on social media apps.

The Fate of TikTok

TikTok is currently in the hands of Oracle and Walmart. They are splitting 20% of shares to take over U.S. operations. The specific details of the plan, how it will affect the data, the users, and TikTok’s relationship with China, are not public at the time of this writing. However, the expectation is that the deal will satisfy users while simultaneously addressing and satiating American security concerns. As of now, TikTok is currently available on all phones that have previously downloaded it. However, it is not available on the app store and users cannot update it. This will undoubtedly cause problems down the road; if there is a security exploit, TikTok will not be able to offer a patch upgrade.

No one is sure exactly how this scenario will play out on the national stage. But it is important to remember that whether on TikTok, or any social media site, your data is being monetized. It is important to take proper precautions to not divulge certain information while on these apps. Limit time usage, and don’t assume that you have any true data security or privacy. It’s wise to err on the cautious side with any social media. Though TikTok carries the political implications between the United States and China, making the social media app more complex than others, the choice of what to divulge on these apps still carries a lot of weight.

Update

9/28/20: On Sunday, September 27th, 2020, a federal judge blocked President Trump’s proposed TikTok ban, temporarily allowing users to download the app. During an emergency hearing, lawyers argued that the ban on TikTok constitutes an infringement on First Amendment rights.

The fate of said app and the deal surrounding it is still pending. ByteDance, Oracle, and Walmart still must finalize their ownership structure. Until a specific deal is squared away, TikTok will continue to operate as normal. A full court hearing will occur, though there is no set date for the case.

SUBSCRIBE HERE
Create a strong password with a minimum of 7 characters using one uppercase, one lowercase, and one number.
Show privacy policy