It was nonexistent just over 2 years ago, today it has over 2 billion downloads and more than 800 million active users. It’s beloved by teenagers and young adults in the millions across the world. This is the story of TikTok and its surprising rise to global fame from faraway China.
On August 7, 2021, the President of the United States finally landed the ban we’d all expected for a while. TikTok is to seize operations in the US except it is bought over and controlled by an American company within the next 45 days.
For outsiders, this may seem harsh, but not for cybersecurity experts and pro-privacy groups. For those who have watched TikTok’s rise with unsettling concern, this signals a step in the right direction. But why?
Like every China-based tech company, TikTok had a huge problem from the very beginning, one that limits any potential global expansion. The problem? China.
A heavily controlled communist state, China has raced to the top of technological advancements and innovation in the world. Still, Chinese tech companies and startups have been unable to truly become global players.
And the reason is hardly farfetched. As is the case with controlled states, every business within the state must meet certain requirements. Amongst those requirements in China are heavy censorship of content considered unfavorable to the state. Registered in China, ByteDance, TikTok’ s owners and designers, come under these laws.
To consider the level of censorship this brings, look no further than the recent political turmoil in the semi-autonomous state of Hong Kong. As videos of protests and revolt against the communist stretch into the former British colony spread through social media, TikTok felt eerily silent on the issue.
According to TikTok, their algorithm simply didn’t pick up videos of the subject. And for the few that it did pick up, it didn’t deem it strong enough to go viral.
While this seems like a fair statement, algorithms only behave as they’re trained to. With TikTok’s laws prohibiting the spread of content considered too politically sensitive. It says those laws are now a thing of the past, though, but there remains a concern over the selective nature of its algorithm to disruptive trends such as the #BlackLivesMatter movement.
There’s also the more theoretical concern over what TikTok does with the data it collects. Like all social media companies, ByteDance gobbles up huge amounts of data from consumers, including age, location, phone type, device OS, and more. Much more.
This shouldn’t be a problem. Except that China’s revised National Security Law requires any citizen or organization to “support, assist and co-operate with the state intelligence work”.
For many in the West, the concern remains that China may be able to compel TikTok to release very personal data of the many Western youths and teens on its platform. What can/will be done with this data remains highly theoretical.
TikTok, though, have constantly maintained that they “would definitely say no to any request for data”. TikTok also runs separately from its Chinese-based origins, Douyin. For ByteDance, this is indicative of its willingness to work within in China’s laws in China, but keep those laws out of its business in the West.
TikTok may have only been around for a short while, but it has come under fire for many security flaws. Back in April, research revealed a flaw in TikTok’s weak HTTP connection that allows hackers manipulate your feeds.
TikTok uses this unencrypted HTTP connection to deliver videos over its content delivery network. while this makes content delivery faster, it is incredibly easy to hack into. Researchers were able to take advantage of this gap and monitor videos being watched by specific users/IP addresses.
With a little more effort, they were also able to mount a man in the middle attack, after gaining control of a user’s access point. This allowed them alter videos before they are downloaded and watched, by mimicking TikTok’s own servers. According to TikTok, a fix was on the way as of April.
A less recent security flaw revealed by cybersecurity experts Check Point back in January revealed a vulnerability that allowed hackers manipulate user content. One vulnerability allowed attackers send messages to users that seemed to come from TikTok. Using this flaw, researchers were able to inject malicious code into their messages.
The malware allowed them take control of accounts, upload content on behalf of users, delete videos, publicize private videos, and retrieve user’s personal information. TikTok notes that this flaw was corrected before the research was published. A report that has been verified by Check Point.
It’s important to note, though, that TikTok’s troubles here aren’t peculiar. It has, for the past two years, focused on scaling its features rapidly to match user demands. And security problems aren’t new to companies of this nature.
For a very recent proof of how fast improving features could lead developers to miss security blind spots, look no further than Zoom. After becoming a favorite of many as the coronavirus-enforced lockdown pushed us to work and learn from home, it became clear that the app had many security flaws it had ignored as it scaled to match demand over the years.
Like Zoom before it, ByteDance has so far taken heed of the warnings issued by cybersecurity experts. It has also moved fast to address security flaws brought to its notice.
The importance of social media to the society – particularly the younger population – doesn’t seem to be slowing any time soon. This isn’t necessarily bad, but it does keep privacy nutjobs on the edge – and for good reason!
Signing up to social media channels remains relatively easy. TikTok, as with Facebook and its ilk, only requires your email or phone number, date of birth, and your full name to complete your registration. Most of this information remains private.
This is highly consistent with other social platforms. However, described as the Facebook of China by some, TikTok continues to gobble up tons of personal data long after your signup is complete. This again is consistent with other social media channels who use data for marketing, advertising, app re-design, and more.
Users remain as much in control of their privacy as on any other social media platform. You control what the public sees about you, and can chat privately only with those with whom you are mutual friends. You can also set your account to private if you so please.
For us, though, the depth of TikTok’s knowledge of its users’ devices, location, interests and behavior is concerning. Surely enough, if you’re concerned about just how much data the likes of Google and Facebook are gathering on you – and what they could use it for – you should be concerned about TikTok’s.
For us, this concern is grave and requires stringent action. But it remains no different to any threat you may face from other social media giants.
TikTok’s association with China means that it’s enjoyed almost as much scrutiny as growth since it arrived this side of the Pacific.
Amongst the claims it has had to deal with are claims that it harbors more hackers than other social media sites. There are also claims that child traffickers lurk in every corner of the app. But these are either exaggerated or untrue.
As with most social media channels, hackers will continue to look to exploit the platform. And traffickers will always look for holes to find their targets. There are neither more nor less hackers or traffickers on the platform than elsewhere.
Like other apps, TikTok also allows users report disturbing content, including nudity and pornography. These are immediately removed, per the app’s guidelines.
However, certain sexually suggestive content that skirts the edge of what’s acceptable may slip through. As will inappropriate exchanges. But none of these make TikTok criminally worse than other social media channels. Only just as disturbing.
TikTok doesn’t seem to be going away any time soon. Even as news of the impending ban filtered through, we were already aware of Microsoft’s intentions to buy over the app.
Does this make it any better or worse? That’s a question most will have to answer personally. Is it okay for TikTok to collect all of your personal data if the company behind it is in the US rather than in China? Will you feel better if it was a Google or Microsoft collecting your data rather than a ByteDance?
There’s also the well-known fact that TikTok may simply be suffering from growing pains. As was the case with Zoom, most tech startups experience a flurry of security and privacy issues in their early days. And while this number trickles down as they mature, they never really stop.
The Check Point team which raised alarm over the app’s security flaw back in January has done the same for the likes of Microsoft and WhatsApp. indeed, even the recently released iOS 13 had to be patched multiple times as vulnerabilities not present during production began to appear.
So, would TikTok remain as much of a security risk in a year or two – even with the same owners? As they’ve proven before, they are more than willing to adjust when any vulnerability is called to their notice.
As for privacy, it can’t be stressed enough that TikTok is only as private as any social media platform. They collect your data, study your behavior, infer your likes and dislikes, take note of your friends, etc. But this is no different from other platforms like it.
It’s also yet to be proven that TikTok sends your data back to China, or that you’re being spied upon. But TikTok’s association with China remains concerning. Should the data it keeps get into the hands of Chinese government, there’s no telling how it will be used. But the possibilities are scary.
Thanks to its Chinese origins, TikTok seems to have drawn more attention than it should. Should Microsoft fail in its attempt to purchase the product within the stipulated time, the decision on whether or not to delete TikTok may well be out of your hands. Until then, it’s up to you to decide what to do.
