The young adult in your life probably loves it.
The federal government in your life probably doesn't.
Call it a love-hate relationship with the social media app TikTok.
U.S. considers banning TikTok
At this point, TikTok's relationship with China is no secret.
China-based ByteDance owns the short-form video platform and has reached a global audience from the start. It has attempted to distance itself from the the Chinese Communist Party. But privacy questions and the China connection are being brought up by governments around the world.
In a recent email to Reuters, TikTok, an app which isn't even available in China, defended its stance on privacy and security:
"We have no higher priority than promoting a safe and secure app experience for our users. We have never provided user data to the Chinese government, nor would we do so if asked."
Despite these statements, multiple governments have expressed concerned over TikTok's security. India recently banned the app, and Hong Kong plans to follow suit soon.
And the U.S. is considering a ban, as well, according to Secretary of State Mike Pompeo via Fox News:
"We are taking this very seriously and we are certainly looking at it. We have worked on this very issue for a long time, whether it's the problem of having Huawei technology in your infrastructure—we've gone all over the world and we are making real progress getting that out—we had declared ZTE a danger to American national security.
With respect to Chinese apps on people's cell phones, I can assure you the United States will get this one right too."
Pompeo avoided making any decisive statements for now.
While TikTok is still available (and widely popular) in the U.S., the military reportedly banned the app in January over security concerns.
When asked if he recommends downloading the app, Pompeo responded, "Only if you want your private information in the hands of the Chinese Communist Party."
Australia has questions about TikTok's privacy
The U.S. and India aren't the only nations questioning TikTok's security. Australia has joined the club, led by Labor Senator Jenny McAllister.
McAllister has expressed two primary concerns with the app's approach to Australian privacy laws, as ZDnet reports:
"The first is that they're not entirely transparent or inadequately transparent about what happens with individual data.
The second is that it's not quite clear what their content moderation policies are. And there are concerns that some of these approaches to moderating content might be inconsistent with Australian values. For example, removing material about Tiananmen Square, or de-prioritizing material about Hong Kong protests."
Rather than banning the app outright, though, McAllister wants to engage in a conversation with TikTok about its practices:
"We don't want parents to be worried about TikTok and we don't want kids to have to worry too much about using social media either. What's needed is a really clear understanding from the platforms about their approach to privacy and their approach to content moderation. We'd like the platforms to come before us and actually talk to us about this issue."
Security researchers track TikTok's China and foreign connections
When the U.S. military banned TikTok from use, security firm Lookout ran an app analysis of both the Android and iOS versions of TikTok.
We'll focus on the iOS version here:
- 119 IP addresses associated with TikTok were hosted in China.
- One IP address associated with TikTok was hosted in Hong Kong.
- Two IP addresses associated with TikTok were hosted in Russia.
- There were seven high-risk capabilities in the app, in particular flagging connection with a private IP address and monitoring location changes.
With the news of India banning TikTok and the U.S. considering a similar move, Lookout ran the numbers again. Here is what has changed for iOS users of the app:
- 11 IP addresses associated with TikTok were hosted in China (decrease of 108).
- Two IP addresses associated with TikTok were hosted in Hong Kong (increase of one).
- Three IP addresses associated with TikTok were hosted in Russia (increase of one).
- There were six high-risk permissions in the app (decrease of one). While the connection to the private IP has been removed, it still monitors location change, accesses the clipboard, and accepts incoming connections.
Researchers sum up their findings like this:
"The most interesting finding in this analysis is the massive decrease in the number of Chinese IP addresses that the iOS version of the app is connecting to and the new connections to China from the Android app. There could be a number of reasons for this, but the difference since the original analysis is notable."
Notable, indeed.
Do you think TikTok is a security risk? Let us know in the comments below.
