This story originally appeared on Business Insider
TikTok, the video-sharing app whose rapid rise among young people has made it a challenger to Facebook, is under attack thanks to its Chinese roots.
The administration of Donald Trump said this month that it is considering banning the app entirely in the United States.
Secretary of State Mike Pompeo first broke the news on Monday, telling Fox News' Laura Ingraham that the government was considering a ban on national security grounds.
Pompeo warned viewers that downloading the app could mean that their data “fell into the hands of the Chinese Communist Party.”
And online gaming megastar Tyler “Ninja” Blevins announced Thursday that he would remove the app for privacy reasons.
“Hopefully a less intrusive company (data cultivation) that is not owned by China can legally recreate the concept,” Blevins tweeted. Blevins is not a politician, but he is followed by millions of young people, the largest population on TikTok, who cling to his every word.
TikTok is owned by the Chinese technology giant ByteDance based in Beijing.
The Trump administration’s argument is that TikTok collects large amounts of user data that the U.S. fears could be used by the Chinese government.
This “Chinese espionage” message has not been entirely consistent, as Trump also proposed introducing a ban to punish China for the coronavirus.
But is TikTok really worse for spying on your personal data than social media platforms like Facebook and Google? Business Insider spoke to data protection experts to get an answer.
Zoé Vilain, director of data protection and strategy for the data protection app Jumbo, told Business Insider that, judging by TikTok’s own data protection rules, the app was no more intrusive than Facebook.
Vilain pointed out that the main difference between TikTok and Facebook or Instagram is the type of data that users normally bring to the application, since TikTok is built around video. “I think the main difference is that people take on themselves,” she said.
There is also the fact that TikTok is popular with younger people.
“TikTok is mainly for teenagers who may be less aware and less concerned about what they share,” said Vilain.
The FTC fined TikTok $5.7 million in February 2019 for not adequately protecting the privacy of its underage users. On July 7, the agency announced that it was investigating allegations that the company continued to violate children’s privacy in the app.
However, there are “justified concerns” about TikTok’s poor security.
Business Insider spoke to iOS developer Talal Haj Bakry who, together with Tommy Mysk, discovered a vulnerability in TikTok in March that allowed the app to access iPhone users’ clipboards without their permission, meaning TikTok could read any text the user had copied. The researchers found that this could be as banal as a grocery list or as serious as passwords or financial information.
It later turned out that the LinkedIn and Reddit apps also read the clipboards of iOS users. All three companies have since changed their code after Apple began to counter the practice with its iOS 14 update.
A TikTok spokesman said the reason the app read the clipboard was to identify “repetitive and undesirable behavior,” and the company sent an update to the App Store to remove this feature.
In April, Bakry and Mysk also discovered a vulnerability in TikTok that allowed uploaded videos to be intercepted and even replaced.
This vulnerability occurs because TikTok uses insecure HTTP connections to download videos from its servers.
“All other social media applications have long switched to secure HTTPS for all network connections to protect user privacy and data integrity. Such a fundamental security vulnerability does not create confidence in TikTok’s ability to protect its users’ data, and shows a negligent attitude towards security,” said Bakry.
A TikTok spokesman told Business Insider: “TikTok prioritizes the security of user data and is already using HTTPS in several regions as we work to integrate it in all markets in which we operate.”
Bakry believes that TikTok’s Chinese roots could be one reason it is playing catch-up on security.
“What sets TikTok apart are the different data protection laws and security standards between China and other parts of the world. There are different laws and regulations for protecting the privacy of end users in the United States and Europe,” said Bakry. “China has recently caught up on data protection laws, but it remains to be seen how effective these new laws will be if they are implemented.”
Bakry said there were “definitely legitimate concerns” about TikTok’s security. “Whether intentional or simply the result of rapid movements and fragile things, inadequate security of social media applications can pose a serious threat. These applications collect huge amounts of data from their users and become prime targets for bad actors who are trying to steal information,” he said.
Vilain agreed, regardless of whether the vulnerability was left open as a back door or was due to a lack of security. “Whatever the reason, if you don’t ensure data collection, this is of course a threat and a breach of GDPR, for example in the European Union, and you should do something about it,” she said.
TikTok tried to distance itself from its Chinese roots
Regardless of whether the TikTok app is more technically invasive or less secure than any other social media platform, the Trump administration’s argument depends on the idea that private companies in China can become representatives of the Chinese government.
As scrutiny of the app has increased, TikTok has been desperately trying to shake off the idea that it’s a Chinese company.
“TikTok is managed by an American CEO with hundreds of key security, product and public policy executives here in the United States. We have no higher priority than promoting a secure application experience for our users. We have never provided user data to the Chinese government, and we would not do it if we were asked to,” a TikTok spokesman told Business Insider.
TikTok itself is not present in China, but it is the international twin of its sister app Douyin, which operates there.
TikTok has always claimed that no user data is stored on Chinese servers, although this was contested in a lawsuit filed by a user in December 2019.
A TikTok spokesman told Business Insider that the app’s data is stored on servers in the United States with backups in Singapore.
In May 2020, the company hired a new American CEO named Kevin Mayer, who was formerly a Disney executive.
In July, TikTok announced that it would withdraw its operations from Hong Kong, along with a number of American technology companies, following the implementation of China’s new national security laws in the region.
Some critics said that the withdrawal smelled like a PR strategy, because the sister app Douyin is more popular in Hong Kong than TikTok.
On Thursday, The Wall Street Journal reported that ByteDance is in talks to further restructure its corporate structure to help TikTok escape regulatory oversight.