Is TikTok’s Time Up?
The danger that the TikTok app poses is becoming clear to everyone
TikTok’s days appear to be numbered, at least when it comes to being accessible to an increasing number of US workers. The app was recently banned by several US state governments from the devices of state workers, as well as by the US military, and a bipartisan bill is pending in Congress to ban it from the devices of all government workers. So, what’s causing all the concern?
What’s the problem?
When Donald Trump first raised the alarm about TikTok as a national security threat in 2020, it was widely dismissed as a political stunt or grandstanding against China, where the app’s parent company, ByteDance, resides. However, time has borne out the alarm he raised. Bipartisan concerns have been raised at all levels of the government about the app’s ability to collect data on its users and make this available to the Chinese Communist Party (CCP).
The information that is collected by the TikTok app is frankly staggering, and even more shocking, it is spelled out in the Terms of Service for the app (you know, the legalese that nobody ever reads when installing an app). This data includes such items as the device you are using, your location, IP address, search history, the content of your messages, what you’re viewing, and for how long. It also collects device identifiers to track your interactions with advertisers, and it can read your device’s clipboard. TikTok can infer such factors as your age range, gender, and interests based on the information it has about you. In the US, TikTok can also collect biometric information such as your face and voiceprints. This is only a part of the information that is aggregated about you that is accessible to the CCP.
In addition to the massive privacy implications of all of this data collection, TikTok accounts have been accused of interfering in US elections. Perhaps most concerning is the impact that TikTok is having on the mental health and well-being of children. TikTok has been found to be recommending information regarding suicide to children as young as 13, as well as pushing content that promotes other forms of self-harm. It is especially interesting that while TikTok is pushing this content on US children, such content is blocked for children using TikTok in China.
Taken as a whole, there appear to be multiple legitimate reasons to think that TikTok is a Chinese cyber weapon, as FBI Director Christopher Wray recently characterized it.
What can you do?
If you are concerned about the security of your company’s information, you should consider that the use of this app on company-owned or managed devices may pose the same risk to your company’s information as it does to government information. As such, you can block the app from these devices, on either a policy or technical level depending on how you manage them, to protect your company’s information from possible CCP access. Likewise, you may wish to educate your staff on the risks that this app may pose to their personal information if they are using it on their personal devices.
On an individual level, if you are using this app yourself, it would make sense to delete your account and remove the app itself from your devices. This is especially true if it is installed on the mobile devices (phones and tablets) that your children may be using, due to not only the privacy risks, but also the harms (including death) that have occurred to children exposed to it.
Your safety begins with being aware of the threats you face and the risks that they pose. Stay sharp, and stay safe.