In a year of filled with concerns such as a global pandemic, murder hornets, and so much more, the crisis du jour for Americans is now…TikTok? Though it has existed for roughly two years, the short-form video app skyrocketed to pop culture prominence during stay at home orders, playing a role in everything from viral memes to political activism. But with large companies like Amazon and Wells Fargo making headlines for asking employees to delete the app, the U.S. military banning it from government-issued phones, and India outright banning it completely—all citing national security concerns—many of TikTok’s hundreds of millions of users and their employers have been left asking, “Is it safe?”
The short answer: No. The slightly longer answer: It’s complicated.
The common claim that TikTok is “Chinese spyware” that steals data from users’ devices and sends it directly to China is not true, at least not in the clear-cut way it is presented. Yet this risk can easily occur from a backdoor method or breach methods well leveraged in China with GhostNet. The Information War Monitor (IWM) found this to be true after a 10-month investigation of the state-funded GhostNet company in China. As it stands currently, the threat to security, particularly national security, is more hypothetical than tangible. However, there are several major security issues consumers and their employers should be concerned about.
- At its core, TikTok is a social media platform, and social media and data privacy will always be at least somewhat at odds. While the data it collects is likely no more intrusive than that collected by other social media giants, the risk of that data in the wrong hands is high, especially in a world where users often rely on social media as a source of news. There have already been several allegations that the company has sought to suppress content critical of the Chinese government or considered controversial in China.
- TikTok’s popularity makes it a prime target for hackers, and it’s unclear whether TikTok’s infrastructure is strong and sophisticated enough to withstand attacks. In January, Check Point researchers found several vulnerabilities in TikTok that could have let attackers gain control of TikTok accounts, change the privacy settings on TikTok videos, upload videos without permission, and obtain user data such as email addresses. (Click here for more details on their research.) While security issues are something all software companies grapple with and TikTok did fix the issues Check Point uncovered, the software and company are still so new that it’s hard to say whether they can be trusted going forward.
In short, how TikTok handles content produced and disseminated on its platform and its user data may absolutely pose a national security risk, just in a more abstract way than directly spying on government or military actions. That being said, just because you can keep TikTok—for now—doesn’t necessarily mean that you should. Always exercise caution when sharing personal information online. Despite the allure, TikTok just isn’t worth the risk. This is especially true for company-issued equipment, where the data you are risking isn’t just your own.