TikTok answers three major cybersecurity fears about the app

China has accused the United States over exaggerating national security fears about TikTok to crack down on the Chinese company. US government agencies have been ordered to delete the Chinese app from all employees’ devices within 30 days due to cybersecurity concerns. Similar steps have been taken by Canada and the European Union, where some politicians have called for nationwide bans.

Spare a thought for TikTok executives.

In 2020, they narrowly escaped seeing their smash-hit app banned in the US by former President Donald Trump and faced a daily barrage of questions about the cybersecurity risks posed by TikTok.

Thanks to several complex legal challenges, the debate largely fizzled out — and was finally put to rest in 2021 when President Joe Biden overturned Trump’s proposal.

You could almost hear a collective sigh of relief, both from TikTok itself and the millions of influencers who rely on the social media app for a living.

But now, in an irony that mirrors the video app’s trademark looping format, we’re back to where we started.

Except now the stakes are even higher.

Around the time of Trump’s proposed ban nearly three years ago, TikTok had been downloaded about 800 million times worldwide. It currently has 3.5 billion downloads, according to app analytics firm Sensor Tower.

Add to that an increase in geopolitical tensions between China and Western countries, and it’s clear that TikTok’s global future is more uncertain than ever.

So what are the top three cybersecurity concerns about TikTok that continue to be flagged, and how is the company responding to them?

A TikTok spokeswoman told the BBC that the app’s data collection is “in line with industry practice”.

Critics often accuse TikTok of harvesting massive amounts of data. A cyber security report published in July 2022 by researchers at Internet 2.0, an Australian cyber company, is often cited as evidence.

Researchers studied the app’s source code and reported that the app performs “excessive data collection”. Analysts said TikTok collects details such as location, what specific device is being used and what other apps are on the device.

However, a similar test conducted by Citizen Lab concluded “compared to other popular social media platforms, TikTok collects similar types of data to track user behavior”.

A TikTok spokeswoman told the BBC that the company is completely independent and “has not provided user data to the Chinese government, nor would we if asked”.

Although it annoys privacy experts, most of us accept that handing over bits of private data is the deal we make with social networks.

In exchange for giving us their services for free, they collect knowledge about us and use it to sell advertising on their platform or sell our data to other companies that try to advertise to us elsewhere on the Internet.

The issue critics have with TikTok is that it is owned by Beijing-based tech giant ByteDance, making it unique as a non-US mainstream app. Facebook, Instagram, Snapchat and YouTube, for example, all collect similar amounts of data, but are all US-founded companies.

For years, American lawmakers, along with much of the rest of the world, have assumed a level of trust: that the data collected by these platforms will not be used for nefarious purposes that could endanger national security.

Donald Trump’s 2020 executive order alleged that TikTok’s data collection could potentially allow China to “track locations of federal employees and contractors, build dossiers of personal information for extortion, and conduct corporate espionage“.

So far, evidence suggests this is only a theoretical risk – but fears have been fueled by a vague piece of Chinese law passed in 2017.

Article Seven of China’s National Intelligence Law states that all Chinese organizations and citizens must “support, assist and cooperate” with Chinese intelligence efforts.

This phrase is often quoted by people who suspect not only TikTok, but all Chinese companies.

However, researchers at the Georgia Institute of Technology argue that this phrase is taken out of context, noting that the law also contains caveats that protect the rights of users and private companies.

Since 2020, TikTok executives have repeatedly tried to reassure people that Chinese staff cannot access the data of non-Chinese users.

But in December, ByteDance admitted that several of its Beijing-based employees accessed the data of at least two American journalists and a “small number” of others to track their locations and check whether they met TikTok employees suspected of leak information to the media.

A TikTok spokeswoman says the employees who accessed the data were fired in December.

The firm insists that user data is stored in the US and Singapore and has never been stored in China. It says it is also in the process of setting up data warehouses elsewhere, for example in Ireland, where it plans to process all UK and EU data by 2024.

A TikTok spokeswoman said: “Our community guidelines prohibit misinformation that could cause harm to our community or the greater public, which includes engaging in coordinated inauthentic behavior.”

In November 2022, Christopher Wray, director of the Federal Bureau of Investigation, told US lawmakers: “The Chinese government could… control the recommendation algorithm, which could be used for influence operations.”

These concerns are further raised by the fact that TikTok’s sister app, Douyin – which is only available in China – is heavily censored and allegedly developed to encourage educational and healthy material to go viral.

All social networks are heavily censored in China, with an army of internet police deleting content that criticizes the government or stirs up political unrest.

At the beginning of TikTok’s rise, there were high-profile cases of censorship on the app: a user in the US had his account suspended for discussing Beijing’s treatment of Muslims in Xinjiang; after a fierce public backlash, TikTok apologized and reinstated the account.

Since then, there have been few instances of censorship, aside from the kind of controversial moderation decisions that all platforms have to deal with.

Researchers at Citizen Lab have made a comparison between TikTok and Douyin. They concluded that TikTok does not employ the same political censorship.

“The platform does not enforce obvious post censorship,” researchers said.

Georgia Institute of Technology analysts also searched for topics such as Taiwan independence or jokes about Chinese Premier Xi Jinping, and concluded: “Videos in all these categories can easily be found on TikTok. Many are popular and widely shared.”

The overall picture is thus one of theoretical fear – and theoretical risk.

Critics claim that TikTok is a “Trojan horse” – although it looks harmless, for example, it can prove to be a powerful weapon in times of conflict.

The app is already banned in India, which in 2020 cracked down on the app and dozens of other Chinese platforms.

But a US ban on TikTok could have a huge impact on the platform, as typically US allies often fall in line with such decisions.

Of course, it’s worth noting that these risks are a one-way street. China doesn’t have to worry about US apps because access for Chinese citizens has been blocked for years.