The White House, Canada, European Union and several European countries have banned TikTok on government devices due to its allegedly intrusive practices. The Australian government is also planning to follow suit and is reportedly on the verge of banning TikTok on government phones. Moreover, ministers are already using burner phones to run the application amid fears that Chinese delegates could access data retrieved from the app.
Cyber security experts are labelling the app as “unsafe” and a major data collection scheme. But how accurate are these allegations? Is TikTok really unsafe? Is the Chinese government spying on the rest of the world through this social media application?
Today we’ll explore all this and more, shed some light on the alleged TikTok leakware scandal and help you decide whether or not to use this application moving forward.
Cyber security experts suggest that government workers and politicians, particularly, should tread carefully with the social media application as sensitive data concerning entire nations could potentially be at risk of exposure. It has become quite clear that the potential dangers of TikTok are not to be overlooked. With government officials resorting to burner phones simply for using this platform, it’s no surprise New Zealand recently took matters into their own hands by officially banning its use on government-issued devices.
Government officials are looking out for their nations’ best interests, which raises the question of whether this particular action is necessary. And is it the right approach? Make no mistake, the allegations against TikTok are concerning but haven’t been proven with evidence.
There has been a recent spike in concerns surrounding TikTok’s parent company, the Chinese internet technology giant based in Beijing, ByteDance, leaking user data and insights to the Chinese government—information that can be used to push propaganda or false messaging. ByteDance’s stance remains defensive as they insist such concerns largely stem from “misinformation” and “wider geopolitics.” The company even suggested that they are doing the needful to bolster data protection for users based in the UK and Europe.
On the other hand, Trump’s attempts in 2020 to bring TikTok’s US operations back home came close but did not go far enough. The US government believes that Chinese authorities could leverage the app to spy and retrieve valuable information from American users, potentially giving them a geopolitical advantage.
With President Biden at the helm and two years of changed dynamics since then – there could be a chance for the social media platform to fall under American jurisdiction yet again. Will this historic move bring about sweeping transformations and put data abuse concerns to rest, or will history repeat itself? Only time will tell.
The critical point to note, however, is that despite all of these allegations and concerns, the threat from TikTok is mainly theoretical at this point, with ByteDance denying any misuse of user data. The only proven cases of abuse have included times when the company attempted to geolocate reporters who leaked sensitive corporate information. However, evidence of the company using the application to assist the Chinese government is yet to be found.
Before we dive deeper into this investigation, let’s check out what leakware actually is and if TikTok fits that description.
Leakware, also known as “exfiltration malware”, is a type of malware that is designed to steal data from a device and send it to a third party. This data can include everything from personal information such as passwords and credit card numbers to sensitive corporate data.
The allegations against TikTok’s abuse of user data match this definition, don’t they?
Leakware is typically installed onto a device through a third-party app or software downloaded from an untrusted source or unverified link. Both of these avenues can function as gateways for leakware breaches. Once installed, the malware will collect data and send it back to the attacker’s server without the user’s knowledge or consent.
Leakware is considered a sub-domain of ransomware, a different type of malware where hackers demand a specific ransom to be paid in exchange for the stolen data. However, with leakware attacks, the user data is stolen by a malicious cyber attacker and then encrypted, thereby making the data unreadable and unusable.
However, this encryption can be reversed using a decryption key that hackers will provide if their demands are met. The more significant concern with leakware is the evident risk that the stolen data could be released.
While everyday folks can be targeted as leakware victims, organisations and larger enterprises are usually the prime leakware targets due to the vast amount of data available and the potential for a more considerable ransom. Malicious downloads, unsecured websites, and apps are usually the biggest causes of leakware infiltration.
Leakware is designed to be stealthy and operate in the background without detection. The malware will typically run in the background of a device, collecting data and sending it back to the attacker’s server.
Leakware is also designed to be persistent, meaning that it will continue to operate even after the user has deleted the app or software that initially installed it. This can make it difficult to detect and remove from a device. That’s seriously concerning, isn’t it?
It has been reported that the social media phenomenon TikTok collects personal data from users, thus classifying it as “Leakware.” Furthermore, these recent reports suggest that TikTok has been collecting user data that is unnecessary for the application’s functionality – raising concerns about the safety of using the application and thus labelling the application as leakware. But how true is this?
With all these serious allegations and issues, a huge question looms at the forefront of everyone’s mind – is TikTok really leaking our personal information? It’s a fascinating yet worrisome thought for its users.
Apps such as TikTok collect enormous amounts of user data, some of which is unnecessary for the application’s core operation. Cybersecurity experts believe this to be a tell-tale sign that the platform is, in fact, leakware. Moreover, TikTok collects data from its users and transfers it from their devices to their servers in the US and Singapore. The concern is that this data is then accessed by TikTok’s parent company, ByteDance, which is allegedly cooperating with the Chinese Intelligence Services.
There appear to be three significant areas of concern surrounding TikTok and its alleged potential misuse of user information. The first is where TikTok stores user data. As we mentioned before, the user data from TikTok is transferred over to ByteDance-operated servers based in Singapore and the US, which raised the concern that China would demand that TikTok turn over said data under Beijing’s national security laws. TikTok recently responded to this allegation by claiming it would delete the data of its US-based users from the ByteDance servers and transfer it over to servers operated by the American cloud computing company, Oracle.
Next up, wondering how TikTok knows just what you like? It is thanks to the ‘magic potion’ of its algorithm, which was engineered in China and can dish up content tailored directly to your tastes. But it also raises serious questions: could this carefully crafted code be manipulated by malevolent forces looking to spread misinformation and alter public opinion? What might the future have in store for us if we allow these engines of influence to keep growing unchecked?
TikTok’s algorithm assesses users’ choices, likes and other related information to provide content that would most resonate with the user – be it the latest dance trend or a groundbreaking news story. But what’s wrong with that, you may ask? The big worry is what could be done with the algorithm. TikTok could potentially be used to show content that spreads propaganda and changes people’s perceptions in ways that can threaten or destabilize governments. Again, it’s important to note that all of this is just speculation, and it hasn’t happened so far, but that doesn’t mean we can rule it out, either.
Lastly, many are also concerned about how the Chinese government could use the app to extract vast data on the world’s population. An FBI official in 2022 suggested that TikTok could be an outlet for the Chinese government to initiate “influence operations.” Considering the platform’s enormous user base, it could easily be used to turn off certain types of messaging as well.
Based on what we’ve uncovered regarding leakware, it is evident that the claims that TikTok is one stem mainly from the fact that it collects user data, some of which is not required for the application to perform its primary function. But what does TikTok retrieve from its users?
When you sign up for the service, you’re giving away your name, age, phone number and email address. The app will also identify your approximate location through your IP address. The TikTok app monitors your clipboard and logs everything you type when you launch a webpage from TikTok’s in-app browser, which means it has been capturing sensitive data from outside the TikTok app and sending it back to its servers.
Through the power of its algorithm, TikTok can curate a unique experience tailored specifically for you. As they gain more insights regarding your likes and dislikes based on what videos you watch and accounts you follow, this can be used in various ways – whether it’s revealing highly targeted ads or deploying controversial geopolitical messages. Nevertheless, one thing’s clear: with every click comes an opportunity.
TikTok’s privacy policy also permits it to collect sensitive information such as keystroke patterns and biometric data. However, TikTok claims it doesn’t store all of this and only uses such data for anti-fraud and spam detection purposes.
In addition to all this, TikTok has access to other types of information about its users, such as:
TikTok claims that it uses data extracted from users exclusively to provide catered experiences with their application. However, they’ve also said the information collected is used to enable app-specific features, assist their algorithm, and help detect abuse, spam, fraud, and other harmful and illegal cyber activities.
TikTok’s privacy policy also states that their business, advertising and payment partners might access the user data in part or in whole. The social media giant also says the user data could be shared with law enforcement agencies, public or government authorities “if legally required.”
So, now that we have addressed the allegations, concerns, and the theory behind TikTok’s potential threats as a leakware, let’s delve deeper into what we can do to avoid the possible ramifications.
The viral popularity of TikTok means that people will inevitably use it as long as it is not explicitly prohibited. Prohibiting the application entirely is not a solid fix either, as it will open the door for counterfeit applications and cheap knock-offs riddled with malware.
The best way to protect yourself from leakware is to be cautious about the apps and software you download onto your device. Stick to trusted sources such as Apple’s App Store or Google Play Store, and avoid downloading apps from untrusted sources or websites.
It’s also essential to keep your device updated with the latest security patches and updates. These updates often contain fixes for known vulnerabilities that could be exploited by leakware and other types of malware.
We strongly recommend always carefully considering the permissions requested by all installed applications and refusing those that seem unnecessary. This helps prevent potentially abusive data collection.
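One way to make that permission review repeatable, shown as an added example that is not from the original article: the script compares an Android app's requested permissions with a baseline of what its core function needs and sorts the rest into "refuse" and "question". It assumes input in the `uses-permission:` line format printed by `aapt dump permissions`; the package name, the baseline and the sample dump are constructed for illustration.

```python
import re

# Assumption: what a short-video app needs for its core function.
# Define your own baseline per app category.
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Android permissions that guard personal data on the device.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALENDAR",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in an aapt-style dump."""
    matches = (PERM_RE.match(line.strip()) for line in dump.splitlines())
    return {m.group(1) for m in matches if m}

def review(dump, baseline=BASELINE):
    """Bucket requested permissions relative to the functional baseline."""
    requested = parse_permissions(dump)
    extra = requested - baseline
    return {
        "expected": sorted(requested & baseline),
        "refuse": sorted(extra & SENSITIVE),    # personal data, not needed
        "question": sorted(extra - SENSITIVE),  # not needed, lower impact
    }

# Constructed sample for a hypothetical app, not taken from any real APK.
SAMPLE_DUMP = """\
package: com.example.shortvideo
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.VIBRATE'
uses-permission: android.permission.READ_CALENDAR
"""

if __name__ == "__main__":
    for bucket, perms in review(SAMPLE_DUMP).items():
        print(f"{bucket}: {perms}")
```
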
For organisations, protecting against leakware can feel like a challenge. But implementing a Mobile Threat Defense solution is the key to tackling this threat and keeping operations safe – just ensure it contains specific detection protocols. Cybersecurity should always be of the utmost importance for enterprises as you don’t want sensitive corporate information falling into the wrong hands.
If TikTok were to be banned altogether, it would leave many businesses in a frenzy as marketers scramble and business accounts struggle desperately to protect their valuable corporate information.
With several governments already restricting the use of the platform citing national security concerns, there is no guarantee that TikTok will remain available in the long run. So, what can businesses do to protect themselves while the platform is still running? Let’s explore these possible solutions in detail below.
If TikTok does get banned, businesses can explore other social media platforms as advertising and marketing alternatives. Based on current trends, we believe these are the best options:
If TikTok gets banned, businesses should also take necessary measures to protect their business data. Here are some steps companies can take to ensure their data is safe:
All in all, TikTok’s threat as leakware is yet to be confirmed. The company claims the platform is secure, but until clear evidence one way or another emerges, it would be wise for users to be aware of the fact that their data could potentially end up in the wrong hands.
While the intentions of TikTok remain clouded, it’s certain that the platform’s popularity isn’t taking a hit. On the contrary, its lighthearted content and features have made it incredibly popular amongst people of all ages. Despite this, you should exercise caution while using TikTok and take special care over what information you provide on the platform. Because, at the end of the day, the safety of your personal data is paramount!
On the flip side, don’t count out the potential of TikTok just yet. It could well be the ideal platform to reach millions of people with your message – its huge user base has allowed many brands and businesses to skyrocket their reach and engagement.
If you have questions about how technology can help you make an impact on your business and connect with your target audience, why not book a discovery call? Who knows, maybe it will be the start of something amazing!
March 24, 2023