On TikTok, It’s All Fun and Games Until China Wants Your Info

New reports in the US have raised serious questions about whether the Chinese government has access to American TikTok users’ personal information. But Apple and Google, which operate the two largest app stores, seem unconcerned.

Leaked audio of TikTok’s internal meetings obtained by BuzzFeed contradicts the company’s affidavit to Congress last fall that US user data is being managed by a “world-renowned US-based security team.” BuzzFeed reports that American employees couldn’t access the data on their own and had to ask Chinese colleagues where user information went. According to BuzzFeed, the China-based engineers had access to non-public US user data from at least September 2021 to January 2022.

BuzzFeed reports that “on record, the vast majority of situations in which China-based employees accessed US user data were intended to” stop the flow of American data to China. But the fact that Chinese engineers had that access poses a national security risk. When a tech company operates in mainland China, the Communist Party can easily gain access to its data. One possibility is China’s Data Security Law, which allows the government to regulate private companies’ practices for storing and managing information in China when they collect “core data” — a broad term meaning anything Beijing considers national or security-related concerns.

TikTok said just before the BuzzFeed story broke that its “default location” for US users’ data would be forwarded to Oracle Cloud Infrastructure. But if Chinese engineers can still access this content, they could easily store it on mainland servers, even unintentionally. The BuzzFeed report details how a member of TikTok’s trust and security department said at a fall 2021 meeting that “everything will be seen in China.” Worse, an unidentified director referred to a Beijing-based “main admin” who had “access to everything” on the app.

(TikTok responded to the BuzzFeed report, “We know we’re among the most scrutinized platforms from a security standpoint, and we want to eliminate any doubt about the security of US user data. That’s why we hire experts in their fields and work continuously.” to validate our security standards and engage reputable, independent third parties to test our defenses.” ByteDance, its parent company, had no further comment.)

In the data TikTok collects on American users, the Chinese government could find a lot of value. In accordance with the company’s privacy policy, it collects consumers’ real-time location, search history, and biometrics (such as fingerprints or faceprints). Such information is invaluable for creating identity profiles that hackers sell to the highest bidder on Chinese black markets to commit identity fraud, or the Chinese government could use information it forces tech companies to provide to access the records of Americans’ federal employees access. Government-sponsored hackers could create accurate scans of stolen fingerprints to crack a two-factor security system.

Worse, TikTok requires using your device’s microphone to collect voiceprints. Without access to TikTok’s source code, which only the company owns, it’s hard to know what the app is doing with the permissions it’s been granted. However, there is evidence that it records even when you are not using it. TikTok users report that Apple’s app spying feature, which notifies device owners when apps are accessing your microphone or camera, pinged them that TikTok was accessing their microphones when the app was closed. If TikTok’s access is as extensive as this implies, the Chinese government could use a smartphone as a listening device.

The BuzzFeed coverage prompted Federal Communications Commissioner Brendan Carr to write to Apple and Google, urging them to remove the app from their stores as “an unacceptable national security risk.”

Mr Carr is right. TikTok’s popularity among policymakers and journalists could give the Chinese Communist Party unlimited access to the data of influential Americans. This opens a terrifying breach in our country’s security, allowing China to eavesdrop on government officials’ private conversations in order to blackmail them or, as many of them use their personal devices to conduct official business, steal their credentials to access top secret information . As of 2020, TikTok had access to clipboard content on Apple devices, which can grant some access to anyone using a password manager for secured accounts. If the user has even just one of their government ID cards saved to their clipboard, it can open a door to a federal agency.

TikTok said it would stop accessing users’ clipboard contents on iOS devices after Apple’s new privacy transparency feature in iOS 14 revealed it is continuing the practice. But it’s unclear if that’s the case, and no firm date accompanied the promise.

US tech companies have long had ample evidence that TikTok poses a serious threat. President Trump issued an order banning TikTok from US markets in 2020, which President Biden reversed last June.

But even now, Apple and Google seem indifferent to TikTok’s practices. Both companies’ app stores have developer policies to prevent this type of behavior. Section 5.1.2(ii) of Apple’s Developer Guidelines provides: “Data collected for a specific purpose may not be reused without further consent, except as expressly permitted by law.” TikTok users may agree, that the app is collecting their data, but they certainly won’t be asked to explicitly consent to their data going to the Chinese government. Apple claims it has rejected more than 343,000 apps from its App Store for “privacy violations.” But TikTok seems to have gotten an exception – and is even listed as “iPhone Essential” on the Apple App Store homepage.

TikTok is probably too financially valuable to be deplatformed. It has 100 million monthly users in the US, most of whom use the app rather than the website. Each of these accounts means activity in Apple’s and Google’s app stores, and both US companies also get access to the app’s data. Apple and Google also have a keen interest in maintaining good relations with Beijing. In order to sell its devices and services in China, Apple agreed to a deal that requires, among other things, that it remove most of its encryption technology and let officials manage the computers in its mainland data centers. Google is also active in China.

Mr. Carr cannot force Apple and Google to change their practices, but Congress can enact legislation that protects US consumers. Legislators could ban the app outright, or at least require Apple and Google to allow safer alternatives to their own app stores.

TikTok poses a serious threat to national security and American privacy. If the corporations don’t quash this threat, Congress must.

Mr. Thayer is President of the Digital Progress Institute and a Washington-based telecommunications and technology attorney.

Review and Outlook: With Elon Musk abandoning his $44 billion purchase of Twitter, the only winners are the progressives, who support the social media platform’s censorship of views that disagree with their own. Images: Zuma Press/GC Images/Getty Images Composite: Mark Kelly

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

https://www.wsj.com/articles/on-tiktok-its-all-fun-and-games-until-beijing-wants-your-info-china-ccp-national-security-app-store-apple-google-information-data-11658347613 On TikTok, It’s All Fun and Games Until China Wants Your Info

Alley Einstein

USTimesPost.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@ustimespost.com. The content will be deleted within 24 hours.

Related Articles

Back to top button