NewsFlash: China isn’t mining TikTok for your dance moves

The original concept of social media was to share, but probably not exactly in a way that some TikTok users probably expected. According to audio leaks from some 80 internal meetings at the Chinese-owned social media company, employees of TikTok’s parent company, ByteDance, were able to “repeatedly access US user data over the past few months”.

It remains unclear how many users of the platform were actually affected and, more importantly, whether the Chinese government had access to the data, or even if it was used as part of a spy program. However, lawmakers in the United States, as well as those in the intelligence community, have expressed concerns about TikTok’s data collection. A major concern is that this could include audio and location tracking, which could be used by Beijing to access information about US citizens, including those in uniform.

A notable concern is that TikTok has become increasingly popular among US military service members, who use it to share photos that could be geotagged. These concerns were so great that the last White House administration sought to ban the service altogether.

For its part, TikTok has claimed that US user data is safe, but the latest evidence suggests otherwise.

Go to Bands

Buzzfeed revealed earlier this week that it had access to recordings of some 80 meetings, which involved dozens of TikTok employees, including engineers in China who claimed to have “accessed US data between September 2021 and January 2022, at the very least.”

The recordings ranged from small group meetings with business leaders to show-of-hand political presentations. Buzzfeed reported that the recordings were corroborated by screenshots and other documentation.

In one recording, an employee of TikTok’s Trust and Safety department could be heard saying: “Everything is seen in China”, while another suggested he had “access to everything”. What exactly was meant by “everything” remains unclear, but it certainly sounds ominous.

“No one should be surprised if US user data was accessed,” said tech industry analyst Roger Entner of Recon Analytics.

“What’s important now is whether this was a nosy individual, an organized effort by the company for business reasons, or something more nefarious,” Entner told ClearanceJobs. “There is a lot of metadata available to the business that is not accessible to anyone else and overall the data, especially facial recognition data, is very valuable and can easily be misused. “

US military ban from TikTok

Concerns about how TikTok stores data are nothing new. In 2019, the Defense Information Systems Agency (DISA) recommended that all DoD employees refrain from using the popular social media app, while the same year the Pentagon went so far as to ban members of the service to use TikTok on all government-issued devices.

Although the ban remains firmly in place, military personnel can still download the app on their personal devices, which has raised alarm bells within the DoD. Yet despite these security issues, the app has been seen as a potential recruiting tool, especially given its popularity among Gen Zers.

This fact has raised concerns among some lawmakers, and some have called on the US military to enforce its ban on TikTok for recruitment.

Given this recent news that China may be monitoring data on the platform, it’s possible the DoD will do an about-face and call for a complete ban on TikTok.

They all track data!

Of course, TikTok isn’t alone in tracking user data, and it wouldn’t be the first time US citizens have had their personal data exposed through a smartphone. What makes TikTok more worrying is that it’s not about how best to direct ads to consumers, but how Beijing might use the information it collects.

“Tik Tok may become one of the most ingenious malware installs ever,” warned cybersecurity researcher Garret Grajek, CEO of YouAttest.

“With over a billion downloads on Android alone and with a footprint of over 550 megabytes – there is no limit to what TikTok could send back to their C2 (command and control),” Grajek told ClearanceJobs. “The suspicion is real and the threat warrants further investigation.”