If you haven’t heard of TikTok, you’re probably not a teen. This relatively new social media service is very popular with the younger generation. It’s been downloaded 1.5 billion times. With this app, you can share short videos and … well, you know, goofy social media stuff. I’m old. I don’t get it, either. The company is based in China and is quite popular in Asia.
But last week, India banned the use of TikTok (along with several other Chinese apps) over security and privacy concerns. India is TikTok’s largest market (at least in terms of app downloads). While this move may also be political, there are real reasons for privacy concerns. All five branches of the US military and some US Government agencies have banned the app, as well.
You Thought Facebook & Google Were Bad
There has been ample reason to take these privacy concerns seriously. Last year, a class action law suit was filed against TikTok claiming the company’s app “clandestinely… vacuumed up and transferred to servers in China vast quantities of private and personally-identifiable user data”. Just recently, TikTok was found to be reading your smartphone clipboard constantly. When you copied and pasted a password or credit card number or account number, TikTok copied that data, too. (Other apps were doing this, too, by the way – thanks to Apple’s upcoming iOS 14 privacy feature for exposing this.)
Just this month, a technically sophisticated Reddit user claimed to have reverse-engineered the TikTok app and found evidence of massive privacy problems. The user said “TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it. Here’s the thing though.. they don’t want you to know how much information they’re collecting on you, and the security implications of all of that data in one place, en masse, are f–king huge.”
Just Say No
So it should not be surprising that my recommendation is to uninstall the app and stop using this service. This isn’t about boycotting the company, it’s about protecting your privacy. I’m not even going to bother speculating on the cybersecurity or foreign espionage potential here – I’ve seen enough personal privacy threats to justify abandoning this service for good. These aren’t bugs. They’re not oversights. I’ve seen enough evidence to never trust this company, no matter what promises they make to change. (By the way, Facebook is in that same camp.)
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!