FCC Commissioner Brendan Carr has written to Apple and Google to request that both companies remove the incredibly popular TikTok app from their stores, citing a threat to national security.
Does your data go TikTok?
Carr warns that the app collects massive amounts of data, citing a recent report claiming the company has access to sensitive data collected from Americans. He argues that TikTok’s “pattern of behavior and misrepresentations regarding the unfettered access that individuals in Beijing have to sensitive U.S. data … does not reconcile it,” with the App Store’s security and privacy policies.
He warns that TikTok acts as an advanced surveillance tool that collects large amounts of personal and sensitive data. He claims it collects:
- Search and browsing history.
- Keystroke patterns.
- Biometric identifiers, including faceprints and voiceprints.
- Location data.
- Draft messages.
- The text, images, and videos stored in a device’s clipboard.
- And more…
In his letter, the commissioner provides some evidence to support his argument that TikTok does not adhere to the security practices of Apple and Google: researchers argued in 2020 that the app may have access to sensitive data, including passwords, crypto wallet addresses and messages.
Security, politics and hype
Carr points out that the US government and national security agencies are urging or mandating that the TikTok app be removed from devices; India has banned the app for national security reasons; and some companies have already banned its use on corporate devices.
At the same time, there are still regular reports that support the service. For example, one of the UK’s leading newspapers, the Evening Standard, leads today with a report explaining who the most followed people on TikTok are. The numbers are staggering: Khaby Lame has 142.8 million followers on the service. The most watched video on TikTok ever, Zach King’s Harry Potter Illusion video, generated 2.2 billion views.
That’s a lot of people – and potentially a lot of data that may be made available outside the circle of trust that many have come to expect. That’s important, as 80 million people use the service about 24 hours a month.
Objectively, TikTok seems to have tried to distance itself from the privacy violations Carr is referring to, but the most recent claim that US user data is accessible to the company may have pushed its reputation over the edge, even though it moved US user data to Oracle servers in the US just before the latest damning report came out.
What happens now?
I imagine TikTok will try to dispute the report that prompted the commissioner’s request. If that fails, it seems inevitable that Apple and Google will remove the app from their stores, at least in the US.
But what this actually represents is an allegory of the level of risk businesses face, and will continue to face, as different types of entities persist in exploiting digital connectivity for their own purposes. If Carr’s claims are true, TikTok joins names like NSO Group and RCS Labs on the list of companies committed to undermining user privacy.
The United States Government’s Committee on Foreign Investment in the United States (CFIUS) may soon announce a national security bill designed to curb potential abuses by state actors, in line with the claims made by the commissioner.
Nevertheless, disregarding nationalities, the claim also exposes the challenge of doing business in an increasingly controlled age. If every country is involved in exfiltrating data in this way, then no one can really be considered safe. The fact that part of this activity is outsourced to shady private entities increases this risk.
Of course, in the near term, business users will want to know how to convince employees to stop using TikTok on work devices, while MDM and security vendors will explore ways to separate the app from sensitive data kept on a dual-use work/personal machine.
The less they know, the less they know
Finally, of course, this news should be seen as a sign of support for Apple’s fundamental approach to privacy and security on devices, and an argument for continuing along that path. After all, even the most intrusive app can’t collect data that doesn’t exist. The best approach is to ensure that the endpoint intelligence remains on the device and cannot be shared in a usable format. Though at this stage of the digital transformation, the likes of TikTok suggest there’s still a long way to go, so you’d better make sure your company’s security practice is TipTop for TikTok.
Copyright © 2022 IDG Communications, Inc.