TikTok Cybersecurity

The Countdown To The End Of TikTok?

What Is Going On With the TikTok Cybersecurity Threat?

Over the middle few months of 2020 the social media app TikTok has grown rapidly in popularity, and videos appearing on the app have been going viral for some time.  But at the same moment the app is being banned in a variety of settings, for a variety of reasons, most of them cybersecurity related.  This all, of course, comes at a time when the President of the United States, Donald Trump, has signed an Executive Order, effectively giving TikTok 45 days to either sell to a United States interest or be banned from the United States altogether.

This is hardly the first national action against TikTok, as India banned the app (along with 58 other Chinese-owned apps) on June 29th. That action was met with stunned responses by TikTok users in the country, including Arman Rathod, who has amassed seven million followers and was making a living as a professional influencer on the app. Others in the country report similar losses, but it was a ban inspired by a border skirmish between the two countries, with India declaring the apps a national cybersecurity threat.

Here in the United States there had also been orders banning TikTok from Congress, from the Army and Coast Guard, and in a number of other contexts. At a time when tensions between the United States Department of State and China are at an all-time high, the app has become a flashpoint as a potential spying tool for the Chinese government, but also in political discussions, as many residents of the United States use and love the app. In fact, it has even become entrenched in one of the most All-American pastimes, with the New York Yankees baseball club signing a deal with TikTok.

So what is TikTok, how did it get so popular, are there real security risks with TikTok, where do we stand today, and where will this go from here?  There’s a lot to unpack, but the threat does seem real.  Just this week TikTok, based upon a Wall Street Journal investigation, was alleged to have violated Google’s Android rules by collecting MAC addresses and other device identifiers.

What Is TikTok And Where Did It Come From?

Simply put, TikTok is an app developed by ByteDance, a tech giant in China that owned a similar app called Douyin, which was popular in China, and wanted to develop an audience in North America. ByteDance combined the features of Douyin with those of Musical.ly, an app that was already popular in the United States. What made TikTok so popular was voluminous access to music and filters, as well as movie clips, to make the fifteen second videos incredibly wide ranging.

What also made TikTok popular was the algorithm, which was more powerful than other apps and quickly learned what users liked and disliked, enabling videos to go viral quickly and rocket creators to fame. One such example would be Lil Nas X, whose hit song ‘Old Town Road’ was the earworm of 2019 after going viral on TikTok. Data shows that the app is most popular in India…well, it was…followed by China and the United States, where there have been over two hundred million downloads.

Currently TikTok has plans, even in the face of a potential ban in the United States, to hire as many as 10,000 workers here. The biggest needs are in sales, engineering and moderation, and they signed a major lease at Four Times Square in New York, with other major offices in California, Texas and Florida. This is fast growth compared to other tech companies, though it would be a while before TikTok grows to the size of Twitter or Facebook. Indications are that young people would love to work at the company, regardless of the stance their government is taking.

Are There Real Security Concerns?

A lot of the concern around TikTok data is speculative, and not necessarily based upon known facts.  That said, the concerns are real.  A letter from Senators Tom Cotton (R-Arkansas) and Chuck Schumer (D-New York) revealed some of the major concerns. First and foremost they stated that, “While the company has stated that TikTok does not operate in China and stores U.S. user data in the U.S., ByteDance is still required to adhere to the laws of China. Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party.”  Additionally, “Questions have also been raised regarding the potential for censorship or manipulation of certain content. TikTok reportedly censors materials deemed politically sensitive to the Chinese Communist Party, including content related to the recent Hong Kong protests, as well as references to Tiananmen Square, Tibetan and Taiwanese independence, and the treatment of Uighurs. The platform is also a potential target of foreign influence campaigns like those carried out during the 2016 election on U.S.-based social media platforms.” 

TikTok has seen similar concerns raised by Mike Pompeo, the United States Secretary of State, who repeated the claim that data from the app could well be going directly to the Chinese Communist Party. This, at a time when there is also a trade war between the United States and China and misgivings about the handling of the Coronavirus, is also an escalation of tensions. It has also been reported that the United Kingdom and Australia have launched investigations into TikTok, but no specific reason has been given for those investigations or what is meant to be uncovered.

Regardless, we do know quite a bit about what data TikTok collects from users, including which videos are viewed and commented on, location data, device make and operating system, and keystroke rhythms. Additionally, the app does record copy-and-paste clipboards, but so do other apps, and TikTok has itself stated that it collects data very similarly to Facebook, while at the same time pledging to be vastly more transparent. TikTok has an American Chief Executive Officer in Kevin Mayer, with a history at Disney. Additionally, the app is growing in the European Union, with a data privacy operation and data center being part of a $500 million investment in Ireland.

Where Do We Stand Today?

While President Trump’s aforementioned Executive Order has been in the news, it is clear that his hope is to have TikTok purchased by a company in the United States.  Senator Lindsey Graham chimed in on Twitter by saying: “What’s the right answer? Have an American company like Microsoft take over TikTok. Win-win. Keeps competition alive and data out of the hands of the Chinese Communist Party.”

Microsoft has stepped up to the plate, and a potential purchase may be in the works. But Microsoft founder Bill Gates has said the purchase may be a ‘poison chalice’, and others have wondered if this is an ‘easy-money scheme’ for the company. It may also be the next big thing, with Microsoft unveiling the ‘Netflix of gaming’ soon and hoping to attract a younger audience. Another player that has stepped up to the plate is Twitter, which has had merger talks with TikTok as the ban looms. This move by Twitter has been met with less skepticism than the potential Microsoft purchase, although neither is a good option.

OK, So How Would a Ban Actually Work?  Or Would It?

The first steps would be the easiest: preventing new users from being able to download the TikTok app. Two measures would be put in place. One would be ordering Apple and Google to remove the app from their marketplaces. The other would be adding TikTok to a Department of Commerce entity list banning United States-based companies from doing business with the app.

But those measures would not remove TikTok from the devices of existing users. That would require a ‘kill switch’ from Apple and Google, but both companies would likely be loath to do such a thing to their users’ devices. So the next option would be compelling internet service and data providers to block access to TikTok’s servers, which would also remove the ability to watch the videos via the internet in other forms besides mobile. Otherwise the government would need to take measures banning the apps from the employees they control.

Legally there is another option, which is for the Committee on Foreign Investment in the United States, or CFIUS, to invalidate the merger of TikTok and Musical.ly, but that might just create other avenues of discord. And it’s certain that TikTok will take legal action of their own, and that users of the app will find the ban unpopular, turning the ban into a political liability.

Conclusion

Social media is a huge part of everyday life for many United States citizens.  TikTok in particular seems to be the dominion of the young, but more and more others are jumping into the fray.  TikTok clearly presents some security and data privacy issues, but so do apps like Twitter, Facebook, and even LinkedIn.  The best advice is to carefully review the terms and conditions and privacy policies of all apps and remember that they are privileges and not rights.  

At the end of the day many influencers and performers will find other platforms, and many will not. But it is far more important that we protect our data from adversaries and those we aren’t close with. This is an interesting story, and these apps have the power to move minds and hearts, and in times of political divide that may be scarier. But we all have a role in being vigilant.

About the Author

Thomas Coke

Thomas Coke is the Chief Strategy Officer of BitLyft Cybersecurity. He has a JD from Michigan State University College of Law, a BA in Economics from Kalamazoo College and has years of experience in technology startups with a few successful exits. He can be reached at tom.coke@bitlyft.com and on LinkedIn at https://www.linkedin.com/in/thomascoke/