top of page

On TikTok: A Cybersecurity Perspective


INTRODUCTION

Amidst America’s political trade war with China, last week President Trump has called for a ban on tik tok- a Chinese social networking app used to make short dance, lip-sync, and comedy videos. Tik tok is owned by Bytedance; a Beijing-based technology firm founded in 2012. To Bytedance’s good fortune, Tik tok has been downloaded a record-breaking 2 billion times across the globe and has generated over $6 billion in revenue. However, following accusations that tik tok spies on users, the number of governments and corporations ordering their employees to delete tik tok for the sake of cybersecurity is rising.


The list of anti-tik tok companies now includes Wells Fargo. Although India contains the highest number of tik tok users in the world, the Indian government has officially banned the app. U.S. government agencies, the military, and both democratic and republican committees strongly discourage any members from using the app as well. But why is there such concern over a mere entertainment app? On the surface, tik tok’s data collection may appear as benign or miniscule compared to the massive data-collecting giants of Facebook or Twitter, but it can be equally (if not more) dangerous. The best way to understand the security concerns surrounding tik tok is to review its privacy policy.


TIK TOK PRIVACY POLICY & VIOLATIONS

Firstmost, the tik tok privacy policy openly states that it collects a vast amount of user data and personal information. It does not hide the fact that users grant tik tok access to use their camera, microphone, contact lists, and other services. Additional liberties that tik tok has control over are the following:

  • Location data of a user based on their SIM card, IP address, or GPS

  • Paypal or financial payment information when a user wishes to make in-app purchases

  • Collection, scanning, and “analyzing” information that a user provides in sending messages through tik tok. Such information includes the message’s content and the participants of the message.

  • Information about a user’s device, including their IP address, device model, mobile carrier, time zone setting, operating system, keystroke patterns, etc.

In their policy, tik tok states that users are able to make their own choices about what data they choose to share, as well as whether they choose to create an account.

However, last year in 2019, a lawsuit filed by a California student, Misty Hong, accused tik tok of creating an account for her so that her information could be collected. According to the report, Hong downloaded the app to make a few videos, but tik tok sent the information to its servers in China without her knowledge.


With allegations against its Chinese background, tik tok claims that all user data is stored on servers in the U.S. and Singapore, but there are still suspicions as to where that data eventually ends up (on Chinese servers) or what it is actually used for. Several companies have also submitted lawsuits against tik tok for illicitly collecting IP addresses, network contacts, and other information on employees without their permission. As a result, fears regarding tik tok and the security of governments, private corporations, and individuals then arose.

TIK TOK’S ADVERTISING MACHINE

Currently, (from what can be assumed) the “dangers” of tik tok lie in users falling victim to advertising services. Tik tok creates extremely personalized recommendation systems that learn the preferences of users based on the collection of their data. Tik tok then uses those preferences (shared with their many business partners) to generate targeted advertising which generates massive revenues. For example, view the following tik tok information of a user:

Name: Jane Doe Age: 18 Location: U.S. Most Viewed: Dance videos by popular tik tok female influencers Charli D’Amelio, Annie Leblanc, and Addison Rae. Ads Viewed: Stylish clothing by Boohoo, PrettyLittleThing, and FashionNova

Tik tok uses this basic data collected from “Jane Doe” to fill her platform with ads that highly match her user profile. They take the facts that “Jane Doe” is 18 years old, is from the U.S., enjoys watching dance videos, and fills up her platform with clothing ads that she will likely click on to shop. Tik tok’s information-gathering algorithm takes all data of a user into consideration so that they are able to make a profit.


This is not necessarily a bad thing, and nor is it any different from what Facebook, Amazon, or any other corporation is doing. Targeted advertising fueled by AI recommendation systems and consumer observation is standard practice in our modern time. The real danger of tik tok is the other applications of what their algorithm can be used for.


WHAT ARE THE DANGERS OF USING TIK TOK?

Finally, the dangers of tik tok can be discussed according to cybersecurity in the future. Users need to more seriously consider the consequences of how much data they choose to give to social media platforms. It is not a concern that “Armageddon” will ensue, but rather that companies like Bytedance, Facebook, and Google are controlling a ridiculous amount of information for almost every individual on the planet.


In all honesty, such companies are the owners of all data. When a user agrees to make a Facebook account, they are partially giving their information away with full knowledge that Facebook can use it without their updated permission. With respect to a few regulations, companies like tik tok or Facebook can store a user’s data wherever they want to. They can perform analytics, behavioral profiling, data experimentation, or choose to provide a user’s personal data to any business partner, advertiser, law enforcement officer, etc. Only 2 years ago in 2018, this is exactly what happened with the Cambridge Analytica scandal, and it will happen again.


With the advancement of AI, the possibilities of what our personal data can be used for only increases. Tik tok, for example, can use biometrics and facial recognition on users that make videos with facial close-ups. Their recommendation algorithms can be used to perform excessive profiling of an individual; anticipating their thoughts, feelings, or decisions. The location-tracking features of such an app (which may monitor a user based on their IP address, SIM card, or GPS) can be used to locate a user at any time, anywhere, without resolute cause. Although these things appear harmless now, there is always the chance that they will be used negatively in the future.


When it comes to corrupting national security and the personal security of a citizen for the sake of light-hearted entertainment or the advancement of technology, we should ask ourselves the following question and meet it with a truthful answer:

Just because we can, does it mean that we should?

  • Think of the negative consequences of giving more and more data to social media giants like tik tok

  • What does tik tok truly do with our data, and what can they do with it as time evolves?

  • What happens when the power of tik tok or any other social media giant gets out of control? Would we be able to counter them and keep our privacy and personal information protected?

CONCLUSION

Like other social media apps, concerns surrounding tik tok are not unfounded. To use tik tok every now and then for enjoyment is not a bad thing, but thinking in terms of privacy, a user’s security would be much better off if they did not use it at all. Like all other social media platforms, there is a risk to how much data we share with all-powerful tech companies. In the finest print, all users must realize that the data they give is not really their own, but actually belongs to Bytedance, Google, and Facebook.


Remember that whoever you trust with your personal information, there is always the probability that your information can and will be used against you. On the surface, tik tok appears as a benign power, but no user should be fooled that it would never use its power for harm. It is for this reason that tik tok and every other social media giant should be regulated to a higher extent, as well as watched with a closer eye.


SOURCES

  • Business Insider “There are still ‘legitimate concerns’ around Tik Tok’s lackluster security”

  • lawfareblog.com “Unpacking TikTok, Mobile Apps and National Security Risks” - Justin Sherman

  • scroll.in “What kind of user data does tiktok collect and where is it stored?”

  • cnet.com “Tiktok accused of secretly gathering user data and sending it to China”

  • “Tiktok Privacy Policy”

bottom of page