Advertisement

China could be harvesting TikTok data, but much of it is already out there

By Alan Woodward, University of Surrey
Companies like Facebook are clear as to why they gather your data: They use information to sell advertising. The question then is, what is the real intention behind TikTok gathering user data?File Photo by John Angelillo/UPI
Companies like Facebook are clear as to why they gather your data: They use information to sell advertising. The question then is, what is the real intention behind TikTok gathering user data?File Photo by John Angelillo/UPI | License Photo

March 21 (UPI) -- The social media app TikTok has been a focus for concerns that the Chinese government could access data on individual users. Whether the app poses a security risk remains unclear, but TikTok has been banned from government devices in several countries.

However, reports suggest that computer-based tools designed to collect data from publicly available sources can also collate extensive information on TikTok users -- as well as those on other networking apps. These Open Source Intelligence tools need no special access to apps. This raises questions that apply to all forms of social media.

Advertisement

In 2015, on a visit to the United Kingdom, President Xi Jinping of China said: "The Chinese government supports Chinese companies in going global. But we believe that this process should be market-oriented, with companies being the main driver."

Advertisement

The following year, the Beijing-based private company ByteDance launched a video-sharing app called Douyin. For users outside China, they created TikTok in 2017.

To ensure its place in global markets, ByteDance didn't simply take the Douyin app and reconfigure it for the 40 languages it now supports. Instead, the company paid nearly $1 billion for a business called Musical.ly, set up in 2014.

Although based in Shanghai, Musical.ly had an office in California. By conducting the merger in late 2018, and retaining the TikTok name, ByteDance quickly increased the rate at which their app was downloaded. By the end of 2018, TikTok was one of the most downloaded apps in the world.

You might be forgiven for thinking this was yet another classic piece of corporate engineering resulting in an Internet sensation. However, some governments in Europe and North America seem to think that TikTok is more than a simple commercial enterprise.

Shifting geopolitics

TikTok has been a lightning rod for a shift in sentiment that has seen the United Kingdom, European Union, Canada and the United States ban the app from government devices on grounds of security. TikTok narrowly missed being banned completely from the United States in 2020 by then-President Donald Trump. That threat has been revived under the Biden administration.

Advertisement

Much of the worry about TikTok is fueled by Chinese government legislation compelling companies based in the country to cooperate with state authorities as required. It's an open question whether TikTok is really a security risk; it could also be a company caught in the crossfire of tensions between countries.

Security concerns were supported by a report in 2022 from cybersecurity firm Internet 2.0. Their investigations appeared to show that TikTok was capturing data with the potential to be useful, should someone wish to build a profile of the user.

This would have remained a purely theoretical threat if the data were not being passed back to China. For a long time, TikTok insisted any data collected by its servers could not be accessed by anyone in China.

In November, the company changed its privacy policy. It now said staff in China could access data. In fact, it went further, stating that European users' data was accessible to TikTok staff in Brazil, Canada, Israel, the United States and Singapore. This did little to help quell security concerns.

ByteDance has responded to recent bans by saying it has not provided user data to the Chinese government. It also claims that its data collection practices align with those of other social media companies.

Advertisement

Code analysis

Two further reports by highly respected research groups at Citizen labs and the Georgia Institute for Technology set out to resolve whether TikTok was a threat to national security, or to users in general. A detailed analysis of the code in the app found that TikTok was based on Douyin, the version for Chinese users, which has features that make it compliant with Chinese censorship regulations.

This common code appears to be customized to fit different global requirements. Citizen Labs reported: "...the end result of customizing the common code base seems to create a product that largely follows international industry norms, as we have not found any undesirable features like the ones in Douyin, nor strong deviations of privacy, security and censorship practices when compared to TikTok's competitors, like Facebook."

This suggests that TikTok, as supplied to global markets, is no worse in terms of harvesting user data than other social media platforms. The conclusions of the Georgia Tech report were similar, noting that China's government didn't need special legal powers over ByteDance to gain access to data, as so much is offered up freely.

Any OSINT tool could be used to gather user data, whether or not the service provider cooperates. These tools can be used, for example, to collate a list of followers for an individual user. In certain cases, they can access even more personal information, such as an email address for a given profile.

Advertisement

Purpose unclear

Companies like Facebook are clear as to why they gather your data: They use information to sell advertising. The question then is, what is the real intention behind TikTok gathering user data?

The Citizen Lab report noted a lingering doubt that dormant features written for Douyin but not used in TikTok could be enabled by TikTok's computer servers. The facts suggest that TikTok could scoop up your data, but there's no evidence they actively do so.

An equally pertinent concern is how social media companies filter information presented to you. So-called "shadow-banning" -- excluding users from people's feeds because the company dislikes what they say -- is increasingly common.

As tensions between various countries rise, China, the United States and Europe included, it's difficult not to conclude that the main drivers behind some TikTok bans relate to wider geopolitical concerns.

In many ways, this is irrelevant when it comes to the security of government smartphones and other technology. Putting aside motivation for a moment, the fact that all platforms can potentially access information that should remain private suggests to me that every social media app should be banned from official devices.The Conversation

Advertisement

Alan Woodward is a professor in the Department of Computer Science at the University of Surrey.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The views and opinions expressed in this commentary are solely those of the author.

Latest Headlines