Credit to Author: Pieter Arntz| Date: Tue, 28 Jul 2020 16:55:59 +0000
In recent news, retail giant Amazon sent a memo to employees telling them to delete the popular social media app TikTok from their phones. The memo stated that the app posed a security risk, without going into details. The memo was later withdrawn with no explanation other than that it had been sent in error. Are we curious yet, my dear Watson?
What is TikTok
For those of us who can’t tell one social media app from another, TikTok is one of the most popular ones, and it was designed specifically to allow users to upload short videos for others to like and share. Functionality has grown from a basic lip-sync app to hosting a wide variety of short video clips. It is predominantly popular among a younger audience. Most of the users are between 13 and 24 years old. In the first quarter of 2019, TikTok was the most downloaded app in the App Store, with over 33 million installs. TikTok is owned by a Chinese tech company called ByteDance.
Nation states’ attention
This wasn’t the first time TikTok faced removal from a number of devices. India already banned TikTok, and the USA and Australia are also considering blocking the app. In fact, in December, the US Army banned TikTok from its phones, and in March, US senators proposed a bill that would block TikTok from all government devices.
Is TikTok safe?
For starters, TikTok being a Chinese product does not help. A number of Chinese apps and software packages have been under investigation and were found to be “calling home”. Now, this does not automatically mean they are spying on you, but when you start your investigation with a negative expectation, you are inclined to see it as such. And gathering information about a client without their consent is wrong.
The fact that TikTok is different in China itself, where it goes under the name Douyin, is another factor. But this could be explained away as well, as China has a reputation for spying on its population. So maybe the foreign version is less intrusive than the domestic one. And some governments have their own reasons not to trust anything of Chinese origin, or have another agenda to boycott products originating from China.
Adding to the suspicion, a Reddit user by the handle of bangorlol posted comments about the data found to be sent home when he reverse-engineered the app. The same user has started a thread on Reddit where he wishes to cooperate with other reverse-engineers on newer versions of the app. One type of behavior that was confirmed by another source is that the app copies information from the clipboard, which certainly is something that goes above and beyond what other social media apps do.
TikTok’s main defense consists of the fact that most of their senior staff are outside of China. On their blog they also specified where their data are stored and that the data are not subject to Chinese law.
“TikTok is led by an American CEO, with hundreds of employees and key leaders across safety, security, product, and public policy here in the US. We have never provided user data to the Chinese government, nor would we do so if asked.”
Options to ban TikTok completely
Besides organizations like Wells Fargo and some branches of the US military asking their employees to refrain from using the app on devices that also contain data about the organization, we have also seen countries advocating a total ban of the app. But this is not an easy goal to achieve and could also prove to be ineffective.
For a total ban of an app, you would have to get it removed from the official app stores. This is harder to achieve for some countries than for others. India banned TikTok along with 58 other Chinese apps. The US government would have to find a legally sound reason to request that Apple and Google pull TikTok from their app stores and would probably meet with a lot of resistance.
Besides, if people want to install a popular app like TikTok, there are many other sources. Downloads are not limited to the official app stores, so a determined user will be able to find the app elsewhere. And a ban does not stop the millions of active users from continuing to use the app.
Another option is to give TikTok the same treatment as was handed to Huawei: put them on the Commerce Department’s Entity List, which would deny them access to US technology. Given the circumstances, that doesn’t accomplish much more than denying them access to the app stores, with the same consequences as we discussed above.
Social media and privacy
We have warned many times against posting privacy-sensitive information on social media, and we have offered guidance to help you and your children use social media in a safe way. We even posted a guide for those who wanted to remove themselves from the major social media platforms.
But when the social media app itself is determined to mine your data, it becomes a whole different story. We have seen no conclusive proof that this is true for TikTok, but some of the allegations are very serious and seem to be supported by facts and authoritative research.
Other analysts dismissed the researchers’ findings as jumping to conclusions. One thing is for sure: a full analysis without the help of the developers will take a lot of effort and time, and even then, the results may still be disputable. At this point we cannot be sure whether the TikTok app is spying on its users in a way that goes deeper than we might expect from an ordinary social media app.
All we can do at this point is to inform our users about the ongoing discussion and maybe explain some of the points that are being brought up. We also feel the need to repeat our warnings about the difficult relationship between social media and privacy. Obviously, if any concrete facts should surface, we will keep you posted.
Stay safe everyone!
The post TikTok is being discouraged and the app may be banned appeared first on Malwarebytes Labs.