If you’ve heard of TikTok then you probably already know that the app has come under enormous scrutiny in recent months. In a rare move, the U.S. Navy and Army have both banned the app from government-owned devices, and the company is facing lawsuits for apparent misuse of user data.
For those of you unfamiliar with TikTok, it’s a smartphone app that allows users to film, edit and share short-form (15-second) videos publicly. It’s similar in concept to the now defunct Vine app, which famously allowed users to share six-second videos. But TikTok has eclipsed Vine’s popularity, having an almost cult following among hundreds of millions of teens and young adults around the world. It’s fun. It’s frivolous. It’s entertaining.
Why so serious?
For many people, the big concern stems from the way that TikTok’s parent company, ByteDance, collects, stores and uses the apps’s user data. That in itself is nothing new. Doesn’t Google scrape the content in our gmail accounts in order to serve up more appropriate, targeted advertising? And what about Facebook? Yes and yes, but there are important differences.
Unlike Google and Facebook, ByteDance is a Chinese-owned technology company, with little governance or oversight by U.S. authorities. Although the company has claimed many times that data generated by users in the U.S. is not sent to or stored on servers in China, that certainly hasn’t always been the case. This has led to a U.S. government national security probe of the company over concerns about data storage and the possibility that the company has violated freedom of speech by actively censoring politically sensitive content.
In a move that may seem very reminiscent of the issues facing Chinese technology giant, Huawei, lawmakers in the U.S. fear that ByteDance could be pressured to collect and hand over user data to the Chinese government. How would that impact the safety of users here, or in Hong Kong, or even Taiwan? It opens a whole Pandora’s Box of questions.
In its defense, TikTok has said that all data from U.S. users is located outside China (either in the U.S. or on back-ups in Singapore), and that although its parent company is Chinese, TikTok itself is not subject to Chinese law. It also states that it has strong policies to ensure cyber-security and the data privacy of every user.
Who’s telling the truth?
Unfortunately for TikTok, the evidence may point against it. A college student in California is suing the company in a class-action lawsuit, accusing it of transferring private user data to servers in China. The student admits that she installed the app and even created several videos, however she did not upload or post those videos to the site. Despite this, TikTok was allegedly able to piece together biometric data about her, including information about her device and the websites she had visited on her smartphone. This data was then found on two servers in China, both owned by large partners of ByteDance.
It gets worse. The lawsuit also claims that TikTok embeds hidden source code from Chinese tech giant Baidu in its app, along with code from Igexin, a Chinese advertising service that has the dubious distinction of secretly enabling developers to install spyware on users’ smartphones.
If even a small part of these claims is true, it would appear incredibly damning for TikTok’s credibility.
From the frying pan…
But wait, there’s even more. Compounding all of these serious allegations is the revelation this week that TikTok has (or ‘had’) major software vulnerabilities that, according to Threatpost, would have allowed hackers to partially take over users’ accounts and expose their personal information. Let that sink in for a minute.
I don’t know about you, but I’m not planning to get the TikTok app on my phone any time soon. Call me old fashioned, but risking your personal data and possibly that of your organization for the sake of a fad app just doesn’t sound like a good trade-off.