Should You Delete TikTok? Experts Explain the App’s Security Risks

0
515

If you’ve recently perfected your “Savage” dance, we’re sorry to be the bearers of bad news: You may need to delete the TikTok app from your phone soon.

TikTok, a video social networking app owned by the Beijing-based company ByteDance, has come under scrutiny over privacy concerns and its alleged ties to the Chinese government. “We are now evaluating each instance where we believe that U.S. citizens’ data that they have on their phones or in their system or in their health care records. We want to make sure that the Chinese Communist Party doesn’t have a way to easily access that,” U.S. Secretary of State Mike Pompeo told reporters last week.

As a result, TikTok and other apps from Chinese companies are at risk of being banned. The U.S. Army and Navy have already ordered the removal of TikTok from government phones, declaring in December that the app is a cybersecurity threat.

Global Concerns Over TikTok Are Growing

TikTok’s security flaws aren’t a new problem. In February 2019, TikTok paid a $5.7 million fine to the Federal Trade Commission to settle a claim alleging that an earlier version of the app, known as Musical.ly., illegally collected data on children under 13, a violation of the Children’s Online Privacy Protection Rule.

That same year, a California college student filed a class-action lawsuit accusing TikTok of creating accounts without user consent for individuals who downloaded the app. “In the court documents, it is alleged that TikTok transferred user data to two servers in China (Bugly and Umeng), which included device and website information, as well as biometric data from videos on the device,” said Charla Griffy-Brown, a professor of information systems and technology management at Pepperdine University’s Graziadio Business School.

Bugly is owned by Tencent (which also owns the social network WeChat) and Umeng is part of the Alibaba Group, both of which are major players in the Chinese data sector.

The lawsuit also alleged that the TikTok app contains code from Igexin, a Chinese advertising company that was revealed in 2017 to allow developers to install spyware on phones, and from the Chinese internet company Baidu, Griffy-Brown said.

In March, it was discovered that TikTok was one of more than 50 apps that were reading the content on iOS 14 users’ clipboard notes thanks to a privacy vulnerability in Apple’s copy-and-paste feature.

And in May, a complaint was filed with the FTC alleging that TikTok was in violation of its 2019 settlement agreement by failing to destroy all personal information collected from users under the age of 13, as well as by allowing underage users on the platform without parental consent.

Adding to the negative buzz are unverified claims from a Reddit user who said he reverse-engineered the app and from a Twitter account that may or may not belong to the hacker collective Anonymous that TikTok “collects vast amounts of data ― far more than, for instance, Facebook and Instagram,” said David Janssen, a cybersecurity analyst and founder of VPNoverview.com. “[The Twitter account] stated that TikTok is essentially spyware developed and operated by the Chinese government.”

It’s not just the U.S. that’s worried about TikTok.

In June, the European Union announced a coordinated investigation into how TikTok handles user privacy, which it coupled with concern about the development of facial recognition technology.

“Pedagogical experts in Europe have also warned about the risks of grooming, child abuse and identity theft when using the TikTok app” as it provides predators and scammers an easy way to observe and communicate with minors, Janssen said.

Last month, India banned TikTok and 58 other apps from China. That was a major blow for TikTok, which lost around 25% of its user base overnight. This, Janssen said, was likely the result of strained political tensions between China and India and not just security issues.

Political tensions may be contributing to the heightened attention to TikTok in the U.S., too. “Although these concerns are not new, they have recently made headlines after information came to light that [users of] TikTok may have played a significant role in the low turnout at President Trump’s campaign rally in Tulsa, Oklahoma, despite a large number of tickets being reserved,” said Liz Kleinberg, a Vermont-based attorney whose practice includes data privacy and security. “Secretary of Defense Pompeo has said that the renewed scrutiny is based on national security concerns. President Trump has said he is considering banning TikTok as ‘one of many’ ways to get back at the Chinese government because of COVID-19.”

Should You Really Worry About TikTok Spying On You?

TikTok and its parent company, ByteDance, have taken several measures in response to the outcry over security issues, including hiring an American chief executive. The company insists that users should not worry about their privacy.

“Tens of millions of Americans come to TikTok for entertainment, inspiration and connection, especially during the pandemic. We are fully committed to protecting our users’ privacy and security,” a TikTok representative told HuffPost. “TikTok has an American CEO, a chief information security officer with decades of U.S. military and law enforcement experience and a growing U.S. team that works diligently to develop a best-in-class security infrastructure. TikTok U.S. user data is stored in Virginia and Singapore, with strict controls on employee access. These are the facts.”

Even so, Janssen said it’s naive to think a company like ByteDance can completely distance itself from the influence of the Chinese government.

China has been accused of spying on Western companies and stealing intellectual property at scale. The FBI has called China’s theft of technology the biggest law enforcement threat to the U.S.

Sens. Tom Cotton (R-Ark.) and Chuck Schumer (D-N.Y.) sent a letter to Joseph Maguire, the acting director of national intelligence, asking for an assessment of the national security risks TikTok poses.

While “ByteDance claims TikTok does not operate in China and stores U.S. user data in the U.S., ByteDance is still required to adhere to the laws of China,” said a news release from Cotton’s office. “Importantly, security experts have voiced concern that China’s intelligence, national security and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party.”

TikTok was heavily criticized for censoring video pertaining to the protests in Hong Kong, Janssen said. “Critics argued that this is a telltale sign that ByteDance is applying censorship and is being subjected to the pressure and influence of the Chinese government,” he said.

Should You Delete TikTok?

Whether or not the U.S. government will actually ban TikTok is up in the air. Still, you may be wondering whether it’s wise to go ahead and delete the app now.

You don’t necessarily need to go that far, Kleinberg said. But you should be aware of what types of data the app can pull from your account and use it with caution. “App users, and parents of app users who are children, should carefully scrutinize TikTok and any other apps,” Kleinberg said. Deleting TikTok might be the absolute safest thing to do, but it doesn’t seem warranted by the information currently available, she added.

Even so, Griffy-Brown said the concerns are serious ― not just because of privacy, protecting children, industrial espionage and user consent in data collection, but also because of darker issues with the potential use of biometric information, such as the development of deep fakes.

“A free society must carefully consider data rights and ask questions about those rights,” Griffy-Brown said. “Citizens should also consider the moderation guidelines ensuring misinformation is flagged, and these guidelines should be transparent so individuals can make informed decisions. These guidelines must be carefully balanced with free speech.”

Ultimately, it’s up to you to decide whether you’re comfortable using an app that could be compromised by a distrusted foreign government.