network monitoring doesn’t always extend to mobile devices unless you have a mobile device management plan in place. This means companies need to be aware of any potentially dangerous mobile apps or other mobile device threats out there.
Only 30% of companies use encryption with sensitive data contained on mobile devices.
When it comes to TikTok, we’ll go through what the controversy is and what the facts are about the app’s safety (or lack thereof).
What is the TikTok Security Issue All About?
While TikTok was first launched in the US and other markets in 2017, it’s only recently come under increased scrutiny due to the rise in popularity during the pandemic.
TikTok is a social media app that allows users to make short video clips to share with others over the platform. It makes it easy to add effects and sounds from a large library of songs, which led to its popularity.
The issue is that the company that owns TikTok, ByteDance, is a Beijing, China based company. This means they are subject to Chinese law, which leads to the worry that the government could demand that ByteDance turn over TikTok user data, which includes GPS location tracking (if enabled by the user), among other things.
Where is TikTok Data Stored?
ByteDance states that it stores user data on U.S. based and Singapore based servers and that data is not located in China.
However, the company itself is located in China and subject to Chinese law, so it’s unclear whether or not a demand on the company by the Chinese government could still allow them to share data on non-Chinese based servers.
U.S. military branches have already banned TikTok from being used on their devices because of the security risk and potential espionage concern.
Amazon was going to ban use of TikTok, then held off on it. Wells Fargo did tell employees to remove the app from corporate devices due to security concerns.
The biggest looming ban is that it could be banned for use in the United States altogether. There’s no confirmed timeframe on this and currently Microsoft looks to be trying to purchase the app, so the pending country-wide ban is currently up in the air.
What Should I Be Concerned About with TikTok?
Here is an overview of the concerning factors about the app.
The Device Data It Collects Any social media platform collects a lot of data on the user. It’s the price paid for use of a “free” app. Most of it is used for advertising – things you like, sites you visit, etc. – but TikTok collects some device related data that can be seen as invasive. Information that is collected automatically from a device includes:
Apps on the device
File name & types of files on the device
Keystroke patterns Why this type of data is concerning is because if a phone has a business app on it, like QuickBooks Online, that’s a cue to anyone that has that data that hacking the phone could get them a big payday. The filename and type information is also concerning, because it could reveal a sensitive company document with file name “Confidential Corporate R&D Information.” Keystroke patterns is another red flag, because it could be interpreted to mean everything you key in on your device (like a credit card number) is being tracked.
Corporate parent, subsidiary, or other affiliates in its corporate group
In connection with a sale or merger
In response to subpoenas, court orders, other legal requests
In response to government inquiries That last one “in response to government inquiries” goes right back to the security fears that have caused the controversy, which is that TikTok’s parent company may be forced to share user data with the Chinese government if they request/demand it. All-in-all, even though the jury may still be out on whether TikTok is being used for espionage, there are plenty of risks to worry about with the app that should have any company taking a hard look at whether or not they want it on their devices.