The Internet has come a long way from its early days when it was mainly used to share cat pictures. Today, instead of emailing pictures of our furry feline friends to a few colleagues, we can post videos of our cats for millions of viewers using mobile apps like TikTok. And, much to the common house cat’s chagrin, users have even learned they can watch and post videos on virtually any topic imaginable, even dogs.
All joking aside, TikTok made global headlines multiple times over the last few years when both conservative and liberal US politicians publicly proclaimed the app to be a national security risk. Both parties have gone so far as to suggest banning the app in US markets. Is this just political wrangling, or can those kitty clips really pose a risk to the country?
As it turns out, the hype is more than political bickering and cat fighting. There are three legitimate security concerns with mobile apps like TikTok. Let’s break it down in simple terms so users can decide for themselves if the risks warrant uninstalling the app or otherwise curbing usage.
First, TikTok, along with many other social media apps, tracks personal information. According to a study released by The Citizen Lab, researchers concluded the US version of the app collects device, usage, contacts and other private information. The information collected is very similar to other social media apps. So in short, companies know if you watch cat videos at home or in the office. By itself, this fact is not all that concerning, other than the bewildering willingness of US users to give up droves of personal data in exchange for mindless entertainment.
In the past, China has gone to great lengths to gather personal data on US citizens. Refer to the 2017 Equifax Breach as summarized by the Electronic Privacy Information Center. What this article doesn’t specify is why China targeted personal data in the first place. It’s safe to say they weren’t trying to figure out which type of cat users prefer. According to The New York Times, China collected the data to target US officials and other persons of interest. China has a history of putting various forms of pressure on key individuals in order to promote policies it deems beneficial.
Let’s follow this thread specifically to TikTok, using information published in The Guardian. In December 2022, ByteDance, the Chinese parent company of TikTok, admitted four employees were fired after it was proven they used app data in attempts to expose other employees who may have been cooperating with journalists investigating these exact privacy concerns. Thus any assurances that data cannot and will not be used to track or target individuals are clearly hollow efforts to placate concerns.
The second and more alarming concern is that the US version of TikTok shares a common code base with the Chinese version of the app called Douyin. The Citizen Lab report indicates significantly more data, including location, is collected in this version. Researchers have expressed concerns that ominous features could easily be enabled in the US version if a conflict were to arise between the US and China. This might allow Chinese officials to access data on US citizens … and even their cats.
Although personal data access and feline video preferences might appear harmless, the data could be used in very complex ways. For example, this could include location and tracking data in order to target an attack for maximum devastation. It could also include information that shows key individuals meeting with each other, or patterns of meetings that could inadvertently disclose predictable locations for high-ranking officials, corporate leaders, or other key individuals with influence over political, military or economic policy.
Further, imagine a high-ranking US official has a close relative traveling to a foreign country. If an app could show repeated communications between these two individuals, one could infer the overseas companion might be a good target in attempts to influence public policy and squeeze the influential individual by threatening to kidnap or harm the relative (or her cat).
The third concern is more insidious and has also been cited across other social media platforms. This is the ability of the platform to influence users’ thoughts and perceptions on specific topics by controlling the content that can and cannot be viewed through the app. This extends to the ability of the app to target users with specific content as well as censor other “undesirable” content. It’s not difficult to see how continuously serving content and ads to users that provide only one side of an issue while systematically blocking any content related to an opposing viewpoint could result in the swaying of public opinion. One study conducted at Texas A&M University confirms users without a strong opinion on a particular topic were more likely to be swayed by social media content.
There are no legal or technical limitations that prevent this personal data from being used in a multitude of other, more nefarious ways. US users in particular have an unfounded sense of trust that companies will do no harm, despite the absence of a formal agreement or even a track record of corporate benevolence. In a recent legal case, TikTok competitor Meta settled a suit filed by the Department of Justice for a series of ads that were deemed discriminatory under the Fair Housing Act. TikTok has the same ability to filter and control viewership with the delivery of both ad and user-derived content, and thus the ability to sway public opinion.
In conclusion, there appear to be legitimate security concerns with the TikTok application. It’s clear the situation is a bit more concerning than maintaining users’ abilities to watch cat videos. However, these concerns are largely present in other social media platforms as well. The user community might be better served through overall privacy movements and demands for new universal app features across all social platforms that limit tracking and content control. As for the outright banning of a single application, at least for now, the exercise is left to individual users to decide if the risks outlined are of sufficient concern to warrant removing TikTok.
Disclosure: The author was one of many individuals directly involved in the aftermath of the Equifax breach as a Security Consultant working for the organization from 2018 through 2020.