Is TikTok really a Security Risk, or is it just another case of Chinaphobia?

Or are we missing the point?

So you’ve Never Heard of TikTok?

Unless you’ve been living under a rock recently, you’ll have heard of TikTok. The company was founded in 2016 and is owned by a Chinese company called ByteDance.

TikTok has become the fastest-growing social media app ever, and it now boasts more than 1.5 billion users. That’s over 30% of everyone on the Internet.

And many of those users are Americans.

But all of a sudden, governments around the world are tripping over themselves to ban TikTok for their employees and lawmakers.

Who is Banning TikTok, and Why?

Despite former President Donald Trump trying his best to banish TikTok from Apple’s App Store and Google Play in the United States, in the end, it was not banned, at least until now.

But the TikTok app has recently been banned from all mobile phones owned by or paid for by US Federal agencies. The ban comes into force by the end of March, and it will also be banned for Federal contractors within 120 days.

Canada, some European Union countries and the British have done the same, effectively banning the app from government or military mobile devices.

Why is it being banned?

National security is the short answer.

What is TikTok Accused of?

Essentially there are three main arguments.

#1 Excessive Data Collection

It's no secret that mobile and desktop apps (especially social media apps) collect a vast amount of data about you. Depending on the permissions you grant, most mobile apps can access your contacts, see what other apps are installed, and even track your precise location. Similarly, your desktop or mobile web browser collects data using cookies, Facebook pixel code and Google Analytics code, embedded in most websites.

But does TikTok collect more data than other social apps like Facebook?

According to the BBC, a TikTok spokeswoman said that the app's data collection is "in line with industry practices".

In addition, a series of studies around the world found that TikTok collects no more data than similar social apps.

A paper by the Georgia Institute of Technology concluded that “TikTok is a commercially motivated enterprise and not a tool of the Chinese state”.

#2 Brainwashing

Last year the director of the FBI told elected US government members that he feared TikTok could be used to influence people by tweaking the app’s recommendation algorithm.

But didn’t Elon Musk’s recent release of Twitter files show us that Twitter was doing almost the same?

While it is true that “Douyin”, the local Chinese version of the app, is reported to be censoring content for the Chinese government and promoting content that is considered to be “of educational value” to ensure that it goes viral, it seems that TikTok is more interested in using its AI algorithm and the network effect to rapidly grow its audience.

In the paper cited above, the Georgia Institute of Technology analysts also found no evidence of censorship by TikTok, and they said that:

“TikTok’s success - both as a commercial enterprise and as a point of convergence for the exchange of cultural products at scale - is based on identifying what people want, and giving it to them.”

#3 Chinese Government Spying

We all know that the vast amounts of data collected by social apps, Google and other companies are monetised by selling them to advertisers so they can better target us.

And for years governments have assumed that this data will not be misused.

But the fact is that with enough money, anyone can buy this data. And of course, it can be used to profile and target you by anyone, from legitimate e-commerce businesses and spy agencies to organised crime networks.

Don’t forget that employees with privileged access to such mass personal data can also access and abuse collected data, even our real-time GPS location.

And there has been one such case where several TikTok employees did just that, tracking US journalists to see if they were meeting TikTok employees suspected of leaking information to the media. The TikTok employees were subsequently fired.

Thankfully most organisations have safeguards in place that will detect the abuse of personal information, and that’s why we have regulations like GDPR in the EU.

And to be fair, TikTok have reacted to criticisms by deciding to locate data belonging to EU and British data subjects in datacentres in Ireland, which is in the EU.

Is TikTok a Cyber Risk or Chinaphobia?

Are these countries justified in banning TikTok from government devices?

Absolutely.

Although ByteDance or TikTok may not be brainwashing federal agents, or spying on government employees right now, they easily could, and geolocation data from foreign government employees could be very useful to the Chinese military.

Because we now live in a world of microservices and agile software development in the Cloud, software can be updated almost instantly, and it's easy to deploy new features to mobile apps without users noticing any difference whatsoever.

But here’s the thing:

By only banning TikTok (or Chinese apps) from government and military mobile devices, surely someone is missing the point.

TikTok is just the Tip of the Iceberg

Mobile devices used by employees working in government, military or other high-risk jobs should all be managed by an effective mobile device management (MDM) platform.

There must be a strict app management policy in place, banning all social media apps, personal email, and any other app that could be leveraged or abused by government agencies (including your own), international organised crime or hacking groups.

You are not going to make anywhere great again by just banning TikTok.