Blog

TikTok Users Are Bleeding Data

For good or for bad, TikTok is one of the most popular mobile entertainment apps in the United States today. Its appeal to teens and a youthful demographic has captured a massive and growing audience with its community platform for creation and sharing short-form videos. It all sounds like fun and games, which are undeniable facets of its meteoric rise in our modern culture. A recent report by cybersecurity firm Internet 2.0 however highlighted the hidden dangers of TikTok’s “excessive” data collection regimen, and it has many users wondering if their data is somehow at risk.

To further understand this threat, we must zoom out to look at the entire picture including the app itself, the code behind it, how the app is being used, the company itself, and the data that is likely affected by this app. TikTok is a Chinese app that is owned by ByteDance. The Western world is only now beginning to understand the potential alliance and influence that exists between state government agencies and private social media firms, especially with companies such as TikTok that are collecting massive amounts of data and attempting to influence information to varying extents.

Government Influences

In China, there is little question that private companies are closely linked and aligned with the wishes of its governing party, the Chinese Communist Party (CCP). The tech industry can simply look at the journey of Huawei for evidence of the CCP attempts at tampering, and spying by creating notorious backdoors. Based on multiple stories, it appears that the CIA and other western intelligence agencies not only have proof of the Huawei backdoors into major local telecom firms, but also that Huawei received funding from Chinese state security agencies. The ByteDance audience, however, continues to grow with little challenge from anyone else in the marketplace and in the minds of youth. Is ByteDance, with its market position and foothold into millions of mobile devices, susceptible to its country’s party influence? It is not a stretch to say “how could they not be”?

Awakening to Privacy Concerns

At the center of concerns are the TikTok privacy practices, and the claims of invasive privacy issues keep piling up. Significant reports indicate that the data collection practice outpace anything that Facebook, Instagram, or Twitter have ever imagined. It quite plausible that the Chinese government has access to and leverage to collect all of this accumulated data. Meanwhile, TikTok is profusely collecting data at such a large scale that it’s raised alarms across the world that resulted in:

These concerns aren’t just some sudden developments. A while back, research uncovered how the app installs browser trackers on subject devices. While that might seem common and perhaps insignificant, the tracker can reveal all of a user’s internet activities without authorization or notification. The app is also reportedly using fingerprinting technique which serves to identify specific users and their activity. That means the internet activities of any TikTok user wind up in the hands of Chinese entities and they know who you are with near absolute certainty, along with all your browsing history.

When App Features Become App Threats

TikTok requires access to a phone’s camera and microphone as part of its service. Consumers expect the convenience of allowing trustable applications to have access to these components, but one has to wonder about how TikTok is using its permissions. They could be secretly recording conversations and video resources.

In its defense, ByteDance has stated that its wish is to serve a more global audience and therefore minimizes its links to China itself. This is very difficult to envision however, given the absolute control the CCP has over a company like this. It is not something that will just be able to ‘leave’. Does it surprise anyone that ByteDance wants this in every country?

Is There Any Hope for TikTok Privacy?

You love it. You want it. Your kids want it. So – is there any way for the average person to use the application and protect their data?

Well, you might be able to limit some risk by controlling specific permissions, but it would probably not be long before changes reset all those configuration settings, or another form of circumvention emerges. In summary, the ByteDance privacy practices are abhorrent and there appears that there is nothing that anybody is willing to do about it.

When a sworn political and economic enemy is in a clandestine position of planting an immovable trojan horse upon a willing and complacent population, there is little hope they are just going to give up that position. The only way to remove that trojan horse is to root it out and burn it down with no regrets, all while building up a comprehensive security strategy for your organization, and for you individually.

This article was originally published in Forbes, please follow me on LinkedIn.