- Tobiáš Trnka
TikTok, an application that almost everyone knows. In recent years, it has become one of the most popular in the world. However, TikTok and its parent company ByteDance are often criticized for their cybersecurity management, or rather the lack of it, especially due to concerns about the handling of users' personal data. In this article, we will look at several reasons why it actually represents a security risk, why the American Congress is considering its blanket ban in the USA, or why even the NCISA is fighting against it.
Alleged cooperation with the Chinese government
Perhaps the biggest problem with the app is the fact that it could be used by the Chinese government to track and collect users' personal data. Although TikTok has a promise enshrined in its terms of use that your data will not be shared with anyone outside the company, there is one catch. Part of the current Chinese legislation is a law that allows the Chinese government to (secretly) demand the release of data from any Chinese company. For this reason, the US government has in the past expressed concerns that TikTok could be used for espionage and leaking sensitive information to China.
These concerns were ultimately one of the main triggers of a wave of bans on the use of TikTok on the devices of government employees in America and Canada. Employees of European Union institutions are also prohibited from using this application - and in India, for example, TikTok is even banned completely. 1 Even the Czech National Office of Cyber and Information Security (NUKIB) states in its recent warning: "[...] NUKIB recommends prohibiting the installation and use of the TikTok application on devices that have access to the regulated system [...]" - i.e. actually recommends banning the application for employees of the state administration (the entire NUKIB warning available here).
And what data does TikTok actually collect?
The data that TikTok collects from users contain sensitive information and is often obtained without the express knowledge (and permission) of the user. This data includes device brand and model, operating system (OS) version, mobile carrier, browsing history, app and file names and types, wireless connections, geographic location. But the main threat is tracking the pattern and rhythm of keystrokes. If you open a website in the application through a browser and enter your password for another social network or even a bank account, TikTok will know it2. TikTok's Privacy Policy further describes the collection and analysis of users' personal data as well as user data collected from other sources. This may include information such as age, appearance, personal contacts, relationship status, preferences and many others. In addition, the application collects data about users without informing them, users do not have direct access to their data and the ability to delete it.
This data are usually used for ad targeting and other purposes, but they can also be at risk in the event of a data leak or application security breach.
Problematic app content
TikTok has also long faced criticism for spreading misinformation and hoaxes, or, on the contrary, censorship of certain information. Tailor-made algorithms can make it easy to spread lies and manipulate public opinion. Cases of influencing public opinion through social networks are actually nothing new - for example, the influence of social networks on the "Brexit" referendum in Great Britain was crucial3. But more current is, for example, the effort to discredit American politicians, or the sharing of information that shows the US in a negative light - both through an account belonging to a Chinese state media4.
A good example is the ByteDance internal documents leaked last year that showed TikTok instructed its moderators to censor videos that mention the Tiananmen Square Massacre, Tibetan independence or the Falun Gong religious movement5.
Also related to this is the fact that TikTok contains a lot of content unsuitable for children and young people, i.e. the target group among which it is the most popular. You can often come across sexually explicit content, videos containing violence, or videos containing extremist views while "scrolling". But it's fair to say that TikTok is actively fighting against this content and is constantly removing similar "NSFW" videos6.
Risk of malware and phishing
TikTok can also pose a risk to users in the form of malware and phishing. Unsecured links in video captions can lead to dangerous websites or dangerous software downloads, which can lead to theft of sensitive data or even device control.
Overall, TikTok can pose a security risk to its users for a number of reasons. Although the app can be fun and popular, it is important to realize that using it can be risky. Despite all this, TikTok remains very popular. Finally, we can only add – be careful about what apps you use and how you use them. You never know what they know about you - and what they are sending.
