GDT Webinar Series – How to Fail at Security? Reserve Your Spot

The Clock is Ticking – Is It Time to Delete TikTok?

TikTok Social Media App

In a year of filled with concerns such as a global pandemic, murder hornets, and so much more, the crisis du jour for Americans is now…TikTok? Though it has existed for roughly two years, the short-form video app skyrocketed to pop culture prominence during stay at home orders, playing a role in everything from viral memes to political activism. But with large companies like Amazon and Wells Fargo making headlines for asking employees to delete the app, the U.S. military banning it from government-issued phones, and India outright banning it completely—all citing national security concerns—many of TikTok’s hundreds of millions of users and their employers have been left asking, “Is it safe?”

 

The short answer: No. The slightly longer answer: It’s complicated.

 

The common claim that TikTok is “Chinese spyware” that steals data from users’ devices and sends it directly to China is not true, at least not in the clear-cut way it is presented. Yet this risk can easily occur from a backdoor method or breach methods well leveraged in China with GhostNet. The Information War Monitor (IWM) found this to be true after a 10-month investigation of the state-funded GhostNet company in China. As it stands currently, the threat to security, particularly national security, is more hypothetical than tangible. However, there are several major security issues consumers and their employers should be concerned about.

 

  1. TikTok is owned by Chinese company ByteDance but is essentially two companies in one. In China, it operates as the highly restricted and censored DouYin, and everywhere else it is largely unrestricted TikTok we know. This separation is how the company is able to claim the data is safe from the oversight of the Chinese government. While TikTok argues that they do not operate in China, they only store TikTok data on servers outside of China, and they would not turn over data to China even if asked, skeptics disagree. They argue that, as TikTok’s parent company is Chinese, they could be forced to hand over TikTok’s data to the Chinese government under their recent and far-reaching national security laws. Recent issues with China imposing its national security law over Hong Kong, effectively booting out TikTok, could shed further light on this for other countries. It has been proven by US federal agencies that the Chinese government pervasively surveils within its borders and can get access to company-held data on a whim; thus, TikTok’s potential collection of information on U.S. citizens is true a security risk. The Chinese government has already acted on this with other companies, regardless of where the data resides. TickTok openly discloses the information they capture and use. (Click here to see their website posted privacy policy.)

     

  2. At its core, TikTok is a social media platform, and social media and data privacy will always be at least somewhat at odds. While the data it collects is likely no more intrusive than that collected by other social media giants, the risk of that data in the wrong hands is high, especially in a world where users often rely on social media as a source of news. There have already been several allegations that the company has sought to suppress content critical of the Chinese government or considered controversial in China.

     

  3. TikTok’s popularity makes it a prime target for hackers, and it’s unclear whether TikTok’s infrastructure is strong and sophisticated enough to withstand attacks. In January, Check Point researchers found several vulnerabilities in TikTok that could have let attackers gain control of TikTok accounts, change the privacy settings on TikTok videos, upload videos without permission, and obtain user data such as email addresses. (Click here for more details on their research.) While security issues are something all software companies grapple with and TikTok did fix the issues Check Point uncovered, the software and company are still so new that it’s hard to say whether they can be trusted going forward.

     

In short, how TikTok handles content produced and disseminated on its platform and its user data may absolutely pose a national security risk, just in a more abstract way than directly spying on government or military actions. That being said, just because you can keep TikTok—for now—doesn’t necessarily mean that you should. Always exercise caution when sharing personal information online. Despite the allure, TikTok just isn’t worth the risk. This is especially true for company-issued equipment, where the data you are risking isn’t just your own.

Author

Share this article

You might also like:

NCAA basketball coaching legend Bobby Knight once said: “Good basketball always starts with a good defense.” Winning teams understand their opponents’ strengths and weaknesses, as well as their own. They study their opponents’ plays and anticipate their next moves. The same concept is true for cybersecurity, which is why, at

GDT is committed to supporting #WomenInTech. In this interview, Sr. Bid Manager Peggy Debrowski shares insights into her journey, challenges, and triumphs as a woman in the technology industry. From her role evolution to her passion for empowering women, Peggy’s narrative inspires and encourages aspiring professionals. Sydney: How long have

Welcome to our February edition of our GDT Employee Spotlight. Our Culture & Engagement Manager, Sydney Johnson, interviewed Anirudh Raghavan, Associate Solutions Architect, with our Professional Services team this month. SYDNEY: Hi, Anirudh! Thank you for taking the time to answer my questions for our February Employee Spotlight. You have