This story is part of , CNET’s series exploring the nation’s technological ambition.
When Marcy Granger first downloaded TikTok early last year, the 29-year-old Transportation Security Administration officer had no idea that a Chinese company owned the popular short-form video app.
Then the TSA barred workers from using TikTok for the agency’s social media engagement because of national security concerns. That’s when Granger learned that the video app belonged to ByteDance, a technology company based in Beijing.
The revelation didn’t stop Granger, who has racked up more than 166,000 followers on the app, from making TikTok videos. The Denver resident lip-syncs to pop music and posts motivational messages about life and motherhood on the app during her free time. She occasionally wears her TSA uniform at home in her videos but doesn’t give away security details about her job.
“It didn’t really scare me too much because some people don’t realize all social media and all data is tracked,” said Granger, who also runs a social media marketing business.
TikTok is China’s first global social media hit, capturing the attention of users through short videos of people lip syncing, dancing and goofing off to music. The app’s success, though, has fueled scrutiny from politicians who worry that the Chinese government could use the app to spy on citizens and spread political propaganda — a top concern during an election year. The Trump administration is even considering banning TikTok.
Some cybersecurity experts say Trump’s call to ban TikTok is more about politics than national security concerns. TikTok is competing in an environment dominated by US social networks such as Facebook, Twitter and Snapchat. Facebook, the world’s largest social network, even created a similar app called Lasso but shut it down in July after it failed to gain traction. Facebook’s photo service Instagram is expected to launch a TikTok competitor called Reels in more countries, including the US, in August.
“The Trump administration sees pushing back against TikTok as part of its strategy in containing China’s rise as a science and technology power and competing with China in the future about how data is governed, collected and analyzed,” said Adam Segal, who oversees the digital and cyberspace policy program at the Council on Foreign Relations.
Fears about privacy and security have already prompted some TikTok users to think about whether it’s too risky to stay on the service, while others hope to remain on the app. Some users have already pulled the plug on TikTok. In July, gaming star Tyler “Ninja” Blevins tweeted that he deleted TikTok from all his devices.
“Hopefully a less intrusive company (data farming) that isn’t owned by China can recreate the concept legally, such funny and amazing content on the app from influencers,” Blevins, who has more than 4 million followers on the app, said in a tweet.
TikTok has pushed back against allegations the app is “spyware” for the Chinese government, noting that it has an American CEO and that its safety and public policy teams are based in the US. TikTok said all US user data is stored in the United States, with a backup in Singapore. TikTok said that none of its data is subject to Chinese law and that it has “never provided user data to the Chinese government” and wouldn’t do so.
This week, TikTok CEO Kevin Mayer said in a blog post that the company launched a new Transparency and Accountability Center so experts can view TikTok’s moderation rules in real time and look at the code that drives its algorithms.
“The entire industry has received scrutiny, and rightly so. Yet, we have received even more scrutiny due to the company’s Chinese origins,” Mayer said. “We accept this and embrace the challenge of giving peace of mind through greater transparency and accountability.”
ByteDance’s investors, including Sequoia and General Atlantic, have also proposed transferring the majority ownership of TikTok to them amid more scrutiny from the US, Reuters reported.
TikTok’s security concerns haven’t stopped the company from attracting more users. In the US, TikTok was downloaded 48.9 million times in the first half of 2020, up 133% compared with the same period last year, according to data from analytics firm Sensor Tower. Globally, there were 623.4 million installs of TikTok during those six months, and the app surpassed 2 billion downloads in April. India is TikTok’s largest market, followed by Brazil, the US, Indonesia and Mexico.
Meanwhile, government officials are still looking closely into TikTok, an app known for its quirky dance videos that last up to a minute. US lawmakers say that even if TikTok doesn’t store US data in China, they’re still worried that the government has some control over the app.
“Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party,” US Sens. Chuck Schumer, a Democrat from New York, and Tom Cotton, an Arkansas Republican, wrote in a letter last year asking for an assessment of the app’s national security risks.
In 2017, ByteDance purchased social media app Musical.ly, which had offices in Shanghai, China, and Santa Monica, California. The Chinese company then rebranded Musical.ly, already popular among teens in the US, as TikTok and promoted the app with an aggressive marketing campaign. The US government last year launched a national security review of ByteDance’s acquisition of Musical.ly.
Some employers, including those with government ties, have taken their own action against the app. Wells Fargo told employees to remove TikTok from its work phones. The US Navy, Army and other military branches have banned TikTok from government-issued mobile devices because of cybersecurity concerns. Democratic and Republican national committees have warned staffers about it. Joe Biden’s presidential campaign barred staffers from downloading TikTok on their personal and work devices and asked them to delete the app if they already had it, reaffirming guidance from the DNC, a campaign official said. Last week, legislation that would bar federal employees from using the app on their work devices cleared the US House of Representatives and a Senate Committee.
India has taken a step further and banned TikTok, citing national security concerns. The move came after at least 20 Indian soldiers were killed during a clash with Chinese troops along a disputed border in the Himalayas. Now other countries, including the US and Australia, are considering whether they should bar the app too.
Some TikTok users like Granger are keeping their fingers crossed that a US ban doesn’t happen.
“I like being able to have that reach to share positivity. So it does worry me a little bit that if [TikTok] goes away that I’ll lose that ability,” she said. “I really do hope that they don’t ban it just because I have seen so much good come out of it.”
US weighs TikTok ban
US Secretary of State Mike Pompeo said last earlier this month the Trump administration was looking into banning TikTok. In an interview with Fox News, Pompeo said that people who downloaded the app are putting “private information in the hands of the Chinese Communist Party.”
President Donald Trump then confirmed in an interview with Gray Television that the US is considering a TikTok ban to punish China for its response to the novel coronavirus. “It’s a big business,” Trump said. “Look, what happened with China with this virus, what they’ve done to this country and to the entire world, is disgraceful.” Trump’s campaign then began running ads on Facebook asking people to sign a petition if they think the US should ban TikTok.
“TikTok has been caught red handed by monitoring what is on your phone’s clipboard. Do you think we should ban TikTok? Sign the petition NOW!,” one of the ads stated. iPhone users discovered in June after upgrading to an early version of iOS 14 that TikTok and other apps were accessing their phone’s clipboard.
This isn’t the first time the Trump administration has targeted a Chinese company. Taking aim at Chinese smartphone maker Huawei Technologies and telecommunications equipment maker ZTE, Trump extended for another year a 2019 executive order that barred US companies from using telecommunications equipment created by firms that pose a national security risk.
The Trump administration is considering action against TikTok under a federal law called the International Emergency Economic Powers Act, according to The New York Times. The law allows the president to regulate international commerce after declaring a national emergency in response to any unusual or extraordinary threat to the US. The US Commerce Department could also put TikTok on its “entity” list, restricting the company’s access to US technology. Adding TikTok to the list would mean that Google and Apple would have to pull it from their app stores. Trump’s administration could lobby US lawmakers to enact legislation that targets TikTok as well.
Preventing people from using TikTok, though, won’t be easy. There are other ways to install apps outside of downloading them from the app stores. Tech companies could put up a fight as well.
“The tech community will be very hesitant to go along with this app ban,” said Wayne Lam, an independent technology analyst. “It sets a precedent for the government to ban other apps or even for other global apps to be inaccessible to the US market.”
TikTok’s security concerns
As TikTok faces more scrutiny, some cybersecurity researchers have identified vulnerabilities within the app. Concerns about government officials tracking user data and security, though, aren’t unique to Chinese social media apps.
“They’re fundamental problems in how we consume information and how information is exchanged,” said Serge Egelman, who oversees research about security and privacy at University of California, Berkeley. “What TikTok is doing isn’t particularly new or novel, but it’s pretty much how most apps collect data and monetize themselves.”
The Trump administration, for example, has purchased cellphone location data from a company called Venntel and uses it for immigration and border enforcement, The Wall Street Journal reported in February. China is a “useful political punching bag rightly or wrongly, in many cases,” Egelman said, but the questions facing TikTok should also be asked about other apps and governments.
Oded Vanunu, head of products vulnerability research at Check Point Software Technologies, said that hackers and cybercriminals are putting a lot of resources into finding vulnerabilities on social media and messaging apps because the data is valuable. Russian trolls have used social media apps to sow discord among Americans during the 2016 US presidential election. Since the US government doesn’t control TikTok’s infrastructure, it’s no surprise the government is concerned about its risks, he said.
Social media apps, including TikTok, collect information about its users such as their location and images. Users also have private videos they don’t post to the public. A version of TikTok called Douyin (that’s the word for “shaking sound” in Chinese) available in China was using facial recognition to police foreigners, The Telegraph reported.
“In the world of cybersecurity, this kind of data is gold,” Vanunu said.
In January, cybersecurity firm Check Point Research found TikTok security flaws that could have allowed attackers to manipulate content in TikTok accounts, delete videos, upload unauthorized content, make private videos public and reveal an account owner’s personal information. The researchers told TikTok about the issues and they’ve been fixed.
Using any social network comes with risks, experts said. Users have to be wary about uploading any private content that they aren’t comfortable with having leaked. They shouldn’t also believe everything they see on social media apps because videos can be altered to spread misinformation.
The Washington Post, while working with privacy company Disconnect, concluded that TikTok doesn’t appear to collect any more data than Facebook — but “that’s not a compliment.”
TikTok was also one of 53 apps that security researchers discovered regularly sought access to what users copied content on their mobile device’s clipboard. The revelation surfaced because a new feature in the developer version of iOS14 told users when an app accesses a person’s clipboard. TikTok told BBC that it didn’t store or receive any data from these clipboards.
Last year, a California researcher and college student Misty Hong sued ByteDance, TikTok and Musical.ly, alleging in the lawsuit that the short-form video app has been illegally and secretly harvesting vast amounts of personally identifiable user data and sending it to China.
Yaqiu Wang, who researches China for the Human Rights Watch, says concerns about TikTok go beyond just privacy. There have also been fears TikTok has been censoring videos that are critical of the Chinese government, a claim TikTok denies.
Wang and her colleagues last year posted video clips of an unidentified Chinese protester called Tank Man, who stood in front of Chinese Army tanks leaving Tiananmen Square a day after the military’s crackdown on pro-democracy protests in 1989. One video the researchers posted couldn’t be viewed by the public, but TikTok said that it made a mistake by restricting the content. The video was “incorrectly partially restricted based on guidelines related to displaying identifiable military information,” and it was reinstated, the company told Wang.
Last year, TikTok apologized to a US teenager Feroza Aziz after the company suspended her account after she posted a makeup video where she criticized China’s treatment of Uighur Muslims. The company said it mistakenly pulled the video and that she was blocked from the app for prior behavior not because of her views on Chinese politics.
Other tech companies such as Facebook and Twitter also have content moderation policies and say they abide by local laws. But these US companies are making different decisions about how they handle political content, Wang said. Facebook doesn’t send speech from politicians to fact-checkers while Twitter has labeled political posts with misinformation.
“The worry with TikTok is to what extent can the Chinese government compel TikTok to make certain decisions?” she said. “We need more evidence, but I think that the concern is valid.”