In recent weeks, TikTok has been in the news repeatedly. This blog post helps explain why.

August 1, 2020 Update:  The New York Times reported that ByteDance, the owner of TikTok, has offered to sell its United States operations in response to the Trump administration’s threat to ban TikTok altogether in America.  Microsoft and other tech companies have been in discussions to buy TikTok, but no deal has been reached yet.  TikTok claims to have 100 million users in the United States.

What is TikTok?

TikTok is a short-form video service that allows its users to create and share three to fifteen-second dance, lip-sync, comedy, and other talent videos, as well as short looping videos of three to 60 seconds. It has inspired viral trends around the world.

With 2 billion worldwide downloads, TikTok is currently the sixth largest social network on the globe. In the first three years after its 2016 launch, it acquired 800 million active users. In the first three months of this year, it was downloaded 315 million times—garnering more downloads in a quarter than any other app in history.

Disturbingly Wide Range of Data Collection

Aside from the usual social media issues of cyberbullying, addictiveness, and the spread of misinformation, there is increasing concern with TikTok’s data collection policies. TikTok uses artificial intelligence to analyze user behavior to determine interests and preferences to curate and personalize their content feed.

At least one commentator has observed that the app collects an alarmingly extensive array of user data, far beyond the norm of tech industry standards. One anonymous Redditor, who has been widely reported on, has characterized the app as a front that is used to gather vast amounts of data from its users.

To illustrate, the following, non-exhaustive list taken from TikTok’s privacy policy states some of the information it gathers from its 800 million plus subscribers:

  • your IP address, your unique device identifiers, your geolocation-related data, your browsing and search history, the model of your device, your time zone setting, your screen resolution, your mobile carrier, your operating system, app and file names and types, and your keystroke patterns and rhythms.
  • Tik Tok also collects “information you provide in the context of composing, sending, or receiving messages through the Platform’s messaging functionality. That information includes the content of the message and information about when the message has been sent, received and/or read, as well as the participants of the communication.”
  • Furthermore, they “link your subscriber information with your activity on our Platform across all your devices using your email, phone number, or similar information.”

Hand in hand with concerns about the amount of data TikTok is collecting is apprehension about its data security policy. Check Point Research has identified flaws with TikTok’s programming that allow attackers to hack into and control user accounts through their internal messaging system. While TikTok has claimed that the problem has been resolved, it remains unclear how many users have been affected by it.

Collecting Data from Children

TikTok’s apparently voracious appetite for data collection from its users extends to children. In February 2019, the Federal Trade Commission fined ByteDance Limited  (the company that created TikTok) $5.7 million USD for violating the Children’s Online Privacy Protection Act (COPPA) because it collected data from children under the age of 13. This was the largest fine the FTC has ever levied in the name of children’s privacy.

The issuance of the FTC fine has spawned multiple investigations into TikTok. For example, the UK’s Information Commissioner’s Officer launched an investigation, and in May 2020, the Dutch Data Protection Authority also launched an inquiry into TikTok’s data collection and usage of children’s data. In June, the European Data Protection Board announced a task force to review TikTok’s privacy practices generally. Most recently, both the FTC and the DOJ have announced new investigations.

National Security Concerns

Adding to the data collection concerns is the fact that TikTok is owned by ByteDance Limited, a Chinese internet technology company valued at $100 billion USD. This is distressing because Chinese authorities have the power to request information from the private sector with minimal public safety/security justification. In fact, Chinese companies cannot refuse government requests for information if accompanied by a public safety or national security concern. That TikTok would fully cooperate with any such requests are confirmed in a statement issued by ByteDance CEO Zhang Yiming that his company would “further deepen cooperation” with the Chinese Communist Party.

In January 2019, a report from the Peterson Institute for International Economics called TikTok a national security threat to the West. More specifically, it stated that the vast amounts of data it collects could be used by the Chinese government for “espionage and manipulation of public opinion.” In November 2019, a class action lawsuit was filed against ByteDance alleging that user data was transferred to servers in China.

Senators have called on the Director of National Intelligence to review TikTok and its parent company ByteDance. Another senator has introduced the National Security and Personal Data Protection Act, which is specifically designed to prevent ByteDance from transferring American data to China. The Democratic National Committee has issued a warning to campaigns, state parties, and committees to use caution with TikTok and advised campaign staff to not use the app at all, even on personal devices.

On July 6, US Secretary of State Mike Pompeo announced the federal government was “looking at” banning TikTok and other Chinese social media apps. The extent of any potential ban is unknown.

Unsurprisingly, given the access to geolocation data, U.S. military operatives have been banned from using TikTok. TSA has requested that its employees refrain from its use and Well Fargo has banned the app from its devices. The Indian government has permanently banned the app after a previous, provisional ban imposed in 2019. Bans have also been passed in countries such as Bangladesh, Indonesia, and Malaysia.

Censorship and Propaganda

Finally, there is evidence to suggest that the Chinese Communist Party has already exerted influence over TikTok’s policies. Leaked documents have revealed that TikTok moderators have been instructed to censor videos that mention Tiananmen Square, Tibetan Independence, or Falun Gong (a suppressed religious group in China). Internal guidelines allow moderators to remove content as a “violation” or to limit distribution by labeling the content as “visible to self.” The documents also instruct employees to punish users who post videos that harm “national honor.”

It also appears that TikTok has suppressed information on the Hong Kong protests and blocked videos of human rights abuses in China, specifically the treatment of Uyghur Muslims in Xinjiang re-education camps. Indians have claimed that their videos about border clashes with China have been “shadow banned,” which is a method of blocking or partially blocking the user’s content without the user’s awareness. Furthermore, even mildly critical videos of the Chinese government seem to be censored. For example, an Indian comedian’s video making a joke at China’s expense was removed from TikTok shortly after it was posted.

Conclusion

TikTok highlights the ominous underbelly of a seemingly entertaining, harmless app used to spread viral trends and fun little videos. It also showcases how national security concerns can result from the use of apps created by foreign companies. It is yet another case that emphasizes the need for user control over personal data.