Chinese-owned app TikTok has been accused of harvesting its users’ data, and was even described as a potential national security risk by White House officials.
On Friday, President Trump said he intended to ban the video-sharing platform from the US because of these concerns, although over the weekend he appeared to approve of a potential move by Microsoft to acquire the company in the US.
Similar national security concerns have been cited regarding other Chinese companies, especially Huawei, prompting critics to dismiss them as protectionism on America’s part.
Rival social media platforms and politicians have warned of data risks regarding TikTok, but it isn’t clear what actual risks they are citing – other than the company’s origins in China.
Earlier this year, a thread on Reddit amalgamating original research included a description of TikTok as “a data collection service that is thinly-veiled as a social network”.
But this was refuted by a security researcher called Baptiste Robert, who tweets under the handle @fs0c131y, who found the data which TikTok collects is relatively standard for social media apps.
TikTok analysis in progress. It’s time to stop this non sense and put facts in the center of the discussion pic.twitter.com/CUpEbA6f9w
— Elliot Alderson (@fs0c131y) August 2, 2020
Here are five things about its users which TikTok actually collects, and how they compare to other social media apps:
1. Everything you write, even if you don’t send it
That includes the content of the message you’re composing, even if you delete it.
This could be seen as a major privacy invasion, but if it is then it’s a pretty ubiquitous one. Facebook has been using the content of private messages to build up user profiles for advertisers for years.
2. Everything you touch on the screen
Keystroke dynamics are a type of biometric which can identify people based on how they type at a keyboard or swipe on a screen.
These patterns could be enormously powerful, however. Researchers have found that keystroke patterns can indicate a lot about users, from their gender through to whether they are clinically depressed.
TikTok does seem to be the only company which acknowledges capturing keystroke dynamics.
3. Everything about the device you use to access TikTok
Our mobile and tablet devices can communicate a lot of information when they’re using TikTok, including your IP address, any unique device identifiers, as well as the following:
- the model of your device
- your mobile carrier
- time zone setting
- screen resolution
- operating system
- app and file names and types.
This sounds like a lot, but it’s actually standard and most of it is necessary for the app to display and run properly.
4. Your contacts
TikTok collects contacts from users’ phonebook, as well as from social network contacts if a user’s login is linked with one of those services.
Although this only happens “with your permission”, the permission only has to be given by the main account holder, who could be revealing their connection to somebody else who hasn’t given their permission.
This also isn’t unique to TikTok, and almost every social media platform will allow you to import contacts and see if there are any matches to users on the platform itself.
TikTok has a ketamine problem
5. What you’re interested in
This isn’t at all unique to TikTok. It’s the point of social media platforms to keep serving their users the kind of content that will keep them scrolling and using the platform.
But this is where the company’s links to China have caused concern.
TikTok’s homepage – it’s For You Page – is a feed specifically curated for each user by TikTok’s algorithms, and there’s no obvious mechanism for users to use the platform from a neutral perspective.
This means that any manipulation of that content – potentially for the purposes of political censorship – could end up going completely unnoticed by the user, who doesn’t have any methods to address it.
Accusations of such censorship have also been levelled at social media companies in the West, including by President Trump.
Earlier this year, Mr Trump signed an executive order aimed at curbing protections for the platforms based on accusations they were manipulating content against Conservative views.
Studies have found no evidence that social media companies target users based on their political positions rather than against the companies’ own content policies.
Equally, according to Baptiste Robert, there is no evidence of TikTok misappropriating data in a way that other social media apps wouldn’t.
He concluded his analysis by stating: “TikTok doesn’t have a suspicious behaviour and is not exfiltrating unusual data.
“Getting data about the user device is quite common in the mobile world and we would obtain similar results with Facebook, Snapchat, Instagram and others.”