Read for 7 min
This story originally appeared on Business Insider
TikTok, the video sharing app whose rapid rise among young people has made it a challenger for Facebook, is under attack thanks to its Chinese roots.
The Trump administration said this month that it was considering banning the app in the U.S. as a whole.
Secretary of State Mike Pompeo first brought the news on Monday and told Fox News' Laura Ingraham that the government was considering a national security ban.
Pompeo warned viewers that downloading the app could mean that their data "fell into the hands of the Chinese Communist Party."
Related: U.S. government holds ban on Tik Tok
And online gaming mega star Tyler "Ninja" Blevins announced on Thursday that he would delete the app for privacy reasons.
"Hopefully a less intrusive data farming company that is not owned by China can legally recreate the concept," Blevins tweeted. Blevins is not a politician, but millions of young people – TikTok's largest population – follow who stick to every word.
TikTok is owned by the Chinese technology giant ByteDance with its headquarters in Beijing.
The Trump administration's argument is that TikTok collects huge amounts of user data that the United States then fears could be used by the Chinese government.
This "Chinese espionage" message was not entirely consistent, as Trump also proposed introducing a ban to punish China for the corona virus.
But is TikTok actually worse for tracking down your personal data than social media platforms like Facebook and Google? Business Insider spoke to data protection professionals to get an answer.
As for the data, TikTok says it's shit, it doesn't seem to be worse than Facebook
Zoé Vilain, chief privacy and strategy officer at data protection app Jumbo, told Business Insider that TikTok's privacy policies are no more intrusive than those of Facebook.
"I don't see much of a difference in what I see from the privacy policies and the privacy policies of Facebook and Instagram.
Related topics: How to use TikTok to promote your business
"Basically, they say that they use your usage data, behavioral data, preferences, friends, contacts to provide you with their service, to adapt the service and, of course, to advertise (…). This is exactly what Facebook does and Instagram does it too, "said Vilian.
Mike Pompeo told Fox News that the US is considering banning TikTok.
Photo credit: Laszlo Balogh / Getty Images
Vilain pointed out that the main difference between TikTok and Facebook or Instagram is the type of data that users routinely incorporate into the app, since TikTok relies on videos. "I think the main difference is that people record themselves and this is recorded," she said.
There is also the fact that TikTok is popular with younger people.
"It is also mainly used by teenagers who may be less aware and less concerned about what they share," said Vilain.
The FTC fined TikTok $ 5.7 million in February 2019 for insufficient protection of the privacy of minors. On July 7, the agency announced that it was investigating allegations that the company continued to violate children's privacy in the app.
There are still "justified concerns" about TikTok's poor security
Business Insider spoke to iOS developer Talal Haj Bakry who, together with developer Tommy Mysk, discovered a vulnerability in TikTok in March, which meant that he could access iPhone users' clipboards without their permission, which essentially meant that TikTok could read any text copied by the user. The researchers found that this could be as banal as a grocery list or more serious data like passwords or financial information.
As a result, it was also found that the apps from LinkedIn and Reddit read the clipboards of iOS users. All three companies have now changed their code after Apple started doing something against it with its iOS 14 update.
A TikTok spokesman said the reason the app read clipboards was to detect "repetitive, spammy behavior," and the company sent an update to the App Store to remove this feature.
In April, Bakry and Mysk also discovered a vulnerability in TikTok, which meant that users' uploaded videos could be intercepted and even replaced.
This vulnerability occurs because TikTok uses insecure HTTP connections to download videos from its servers. "All other social media apps have long switched to securing HTTPS for all network connections to protect user privacy and data integrity.
"Such a fundamental vulnerability does not create confidence in TikTok's ability to protect its users' data and it shows a negligent attitude towards security," said Bakry.
Related: Latest TikTok News & Topics
A TikTok spokesman told Business Insider: "TikTok prioritizes user data security and is already using HTTPS in multiple regions as we work to roll it out in all of the markets in which we operate."
Bakry believes that TikTok's Chinese roots could be a reason for security to be caught up.
"What sets TikTok apart are the different data protection laws and security standards between China and other parts of the world. There are different laws and regulations for protecting the privacy of end users in the United States and Europe," said Bakry. "China is only recently catching up on data protection laws, but it remains to be seen how effective these new laws will be in practice."
Bakry said there were "definitely legitimate concerns" about TikTok's security. "Regardless of whether it is intentional or just the result of rapid movements, the inadequate security of social media apps can pose a serious threat. These apps collect huge amounts of data from their users and become prime targets for bad ones." Actors who want to steal information, "he said.
Vilain agreed, regardless of whether the vulnerability was left open as a back door or as a result of poor security. "Whatever the reason, if you don't secure data collection, this is of course a threat and a breach of GDPR, for example in the European Union, and you should do something about it," she said.
TikTok tried to distance itself from its Chinese roots
Regardless of whether the TikTok app is technically more invasive or less secure than any other social media app, the Trump administration's argument depends on the idea that private companies in China can become representatives of the Chinese government.
While the app's review has increased, TikTok has been desperately trying to shake off the idea that it's a Chinese company.
"TikTok is managed by an American CEO, with hundreds of employees and key security, product and public policy executives here in the United States. We have no higher priority than promoting a safe app experience for our users. We have us have never provided user data to the Chinese government, and neither would we if we were asked to, "a TikTok spokesman told Business Insider.
TikTok itself is not present in China, but the international twin of its sister app Douyin, which operates in China.
TikTok has always claimed that no user data is stored on Chinese servers, although this was contested in a lawsuit filed by a user in December 2019.
A TikTok spokesman told Business Insider that the app's data is stored on servers in the United States with backups in Singapore.
In May 2020, the company hired a new American CEO named Kevin Mayer, who previously worked as a streaming manager at Disney.
In July, TikTok announced plans to withdraw operations from Hong Kong, along with a number of US technology companies, following the implementation of China's extensive new national security laws in the region.
Some critics said the withdrawal triggered a PR move because the sister app Douyin is more popular in Hong Kong than TikTok.
On Thursday, the Wall Street Journal reported that ByteDance is in talks to further restructure its corporate structure to help TikTok escape regulatory control abroad.