The popular video-based social networking app TikTok has been downloaded by 1.6 million Australia users – but concerns are mounting about the app’s privacy and data security.
Last week, India banned TikTok along with 58 other Chinese apps, and now US President Donald Trump has said he’s also looking at banning the app. In Australia, a Senate inquiry about foreign interference in social media apps is underway. Department of Defence personnel also not allowed to have TikTok on their devices.
But how concerned should we be? Why is TikTok raising more red flags other social media apps, such as Facebook, that we know already have a lot of data on us?
Yahoo Finance spoke to three cybersecurity experts to find out why TikTok’s such a problem – and whether you should delete the app.
TikTok presumably collects the same kind of data that other social media apps do, and more – but the issue concerning many experts is that there are too many unknowns.
“The problem of TikTok is to do with the installation. So what happens is when you install an app like TikTok, you allow it to do certain things,” said RMIT University cyber security professor Matthew Warren.
And that means giving the app permission to your camera, your microphone, and your contact list – but this is also where things get hazy.
“Where the uncertainty lies is that it can also collect your location data, and [potentially] other information from apps on your mobile phone.”
Two month ago, a Reddit user by the name of bangorlol claimed to have reverse-engineered the TikTok app and found that it collects much more data than other apps do.
“TikTok is a data collection service that is thinly-veiled as a social network,” the Reddit user wrote in a post. “If there is an API to get information on you, your contacts, or your device... well, they're using it.”
The post also contained a technical explanation of the type of data TikTok stored and ways in which the app prevented users from ‘reversing’ or ‘debugging’ the app, and also highlighted the fact that the app tries to prevent you from knowing how much data it’s collecting on you.
TikTok is owned by China; other apps aren’t
According to the Australian Strategic Policy Institute analyst Fergus Ryan, the chief thing that sets TikTok apart is the fact that it is owned by a Chinese company.
“A lot of these apps that people use including social media apps, suck up a huge amount of data on their users. And often the permissions these apps require of their users are excessive and invasive,” he told Yahoo Finance.
“But the thing that makes apps like TikTok, [and] also WeChat, different is that they are from China. And that puts them in a particular legal jurisdiction, which means that due to a bunch of different national security laws in China, that there's effectively no firewall separating Chinese authorities from that user data that these companies hold.
“And so that means that when Chinese intelligence agencies, for example, want to take a look at this data, there's nothing legally standing in the way from them doing that.”
By contrast, Apple famously refused to unlock an iPhone for the FBI in 2016, something that Apple – as a company of the United States – is entitled to do. “That just simply couldn't happen in China.”
Not just dancing videos: TikTok is owned by an AI firm
People also might not know that TikTok is owned by ByteDance, which is a Beijing-based technology company that also owns other Chinese platforms Toutiao and Douyin.
“Bytedance, which is the parent company of TikTok, is at its core an AI company,” said Ryan.
“Underlying all those apps is an extremely powerful AI-powered algorithm, so ByteDance is really in the business of collecting and crunching data, and using that to become an even more powerful AI company,” he said.
“And so that means, if that’s your goal, then collecting as much information as possible is a top priority.”
TikTok had been caught in February, along with several other news and entertainment apps, for having access to users’ clipboards (anything that you copy and paste), a potential security flaw, and then said it had fixed the problem in April 16.
But in late June it was again caught doing the same thing.
“[Social media apps like TikTok and Facebook] push the boundaries when it comes to privacy and it's only when they’re called out that they pull back. But it seems in the case of TikTok they do it very reluctantly because they're really focused on hoovering out as much data as possible.”
Bottom line: Should I delete TikTok?
RMIT University’s Warren said he actually had TikTok at one point, but deleted it after bangorlol’s post went viral.
“I think everyone should make their own judgement call over whether they’re comfortable with information about them being shared with unknown entities. I suppose that's [a] personal decision – it was something I wasn't comfortable with and I deleted it,” he said.
Essentially, there are just too many unknowns, he said. “The problem people have is once information has been collected, they can never ask for that information to be taken offline or deleted.”
Speaking to Yahoo Finance, cybersecurity firm WhiteHawk founder and CEO Terry Roberts said she was a self-confessed “paranoid international risk professional”.
“I would not recommend using it (especially if there is a comparable alternative),” she said.
In fact, she would go a step further. “I also currently tell my family and friends not to post pictures of minors on Facebook and not to discuss your routines or vacation plans openly on social media ever.
“Bad guys come in all nationalities, shapes and sizes – don’t give criminals easy insights – period.”
As an analyst, Ryan says he needs to have TikTok because of his job. But would he recommend it to his cousins, nephews and nieces? The answer is no – but not for the reason that you think; it’s actually about the content on the platform.
TikTok has grown at an incredibly rapid rate, and as a result, its moderators haven’t been able to keep up, he said.
This means that minors are at risk of seeing some content that could potentially be very harmful or destructive. Ryan recalls one TikTok video that surfaced of a young man laughing at a family photo. Depicted in the photo is his cousin, a mass shooter.
“He shows the picture and it’s like a funny joke to him,” said Ryan. “And I wouldn't want my nephews and nieces to see that kind of content popping up on their screens.”
Beyond this, whether you should have TikTok depends on who you are.
“If you are someone who thinks you want to work in sensitive industries or in parts of your country’s government, particularly areas more related to national security, then it’s something that you should take more seriously,” said Ryan.
The “tremendous” amount of data that apps like TikTok is collecting on you can paint a “vivid picture” of who you are, your connections, where you live, your travel habits, and what you look like.
“So that’s a huge amount of information that you’re essentially handing over to the Chinese Communist Party.”
Yahoo Finance has contacted the Department of Defence and the Australian Cyber Security Centre (ACSC) for comment.
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, property and economy news.