Users of the video app have been warned about its data practices and links to China. Can you store your information securely?
Cyber security experts have warned Australian TikTok users that the Chinese government could use the app to collect personal information, from in-app messages with friends to precise device locations.
The warnings follow a report by Australian-American cyber security firm Internet 2.0, which found the year’s most popular social media app is collecting “excessive” amounts of information from its users.
Here’s what you need to know about TikTok’s data collection and how to keep your information safe.
What’s different about the way TikTok collects data?
TikTok’s data collection methods include the ability to collect user contact lists, access calendars, scan hard drives including external and geolocate devices on an hourly basis.
“When the app is in use, it has significantly more permissions than it really needs,” said Robert Potter, co-CEO of Internet 2.0 and one of the editors of the report.
“It grants these permissions by default. When a user does not grant that permission… [TikTok] asks persistently.
“If you tell Facebook you don’t want to share something, it won’t ask you again. TikTok is much more aggressive.”
The report labeled the app’s data collection practices “excessively intrusive” and questioned their purpose.
“The application can and will run successfully without any of this data being collected. This leads us to believe that the only reason this information has been collected is for data collection,” it concluded.
Most of the concern in the report focuses on permissions sought on Android devices, because Apple’s iOS heavily limits what information an app can collect. It has a justification system, so if a developer wants access to something, it has to justify why this is required before it is granted.
“We believe that the justification system that iOS implements systematically limits a culture of ‘grab what you can’ in data collection,” the report said.
Does TikTok have connections to the Chinese government?
TikTok is owned by the Chinese multinational internet company ByteDance, which is headquartered in Beijing. Founder Zhang Yiming sits at No. 28 on Bloomberg’s billionaire index.
ByteDance has previously denied a connection to the Chinese government, calling the claim “misinformation” after various leaks suggested it censors material that does not align with Chinese foreign policy goals or mentions the country’s human rights record.
“They are consistent in saying that their app does not connect to China, is not accessible to Chinese authorities and will not cooperate with Chinese authorities,” Potter said.
But he said Internet 2.0’s research showed that “Chinese authorities can indeed access device data”. By sending tracked bots to the app, Internet 2.0 “consistently … data geolocated back to China”.
Potter has said it was not clear what data was being sent, just that the app was connecting to Chinese servers.
This month, TikTok Australia admitted that its staff in China were able to access Australian data.
“Our security teams minimize the number of people who have access to data and limit it to only people who need that access to do their jobs,” Brent Thomas, the company’s Australian director of public policy, wrote in a letter. The letter was in response to questions from Senator James Paterson, the opposition spokesman on cyber security and foreign interference. Thomas said Australian data had never been given to the Chinese government.
Are you in danger?
Under China’s national security laws, Chinese companies, upon government request, are required to share access to data they collect.
“You’re in a different digital ecosystem when you’re on a mainstream Chinese app,” Potter said. And “who you are” can determine the “level of risk” you take.
On an individual level, the average user may not be at immediate risk, Potter said. “But if you’re involved in something more sensitive or discussing topics that are sensitive … you’ve become very interesting to them very quickly.”
A dissident in the Chinese diaspora community, or a critic of the Chinese government, may be “extremely concerned about their personal cyber security” on TikTok, Paterson said.
TikTok told a 2020 Senate committee on foreign interference in social media that any request for Australian user data would have to go through a mutual legal assistance treaty process.
Other governments also use their national security laws to access user data from TikTok. TikTok publishes a semi-annual transparency report on data requests from governments.
China is not on the list of countries, but the list reveals that in the second half of 2021, Australian governments made 51 requests for data related to 57 user accounts, with TikTok handing over data 41% of the time. The US made 1,306 requests for 1,003 accounts, with data released 86% of the time.
How can I keep my data safe?
TikTok is now the most downloaded mobile entertainment app in Australia with 7.38 million users over the age of 18.
If you decide to continue using TikTok, Potter suggests being “specific and detailed about the level of permissions shared with the app.”
Set permissions manually via in-app settings and in device settings. Tom Kenyon, director of Internet 2.0, also encouraged users to monitor these permissions regularly. “In any update they can change access to permissions. It’s not set and forget.”
Potter said users should continue to “ignore requests to share information”. He also urged young people to avoid using TikTok for “general messages”.
“If you want to share videos and look at cats, of course you have to do the hardest. If you want to have a conversation with your friends about your sexual orientation or human rights, I would be very careful.”
Kenyon said young people just starting out in their careers should think beyond the short term.
He also called on senior government officials, civil servants and members of parliament to “delete TikTok and other social media”. Although the data already collected will not disappear from TikTok’s database, deleting the application will stop data collection in the future. If they want to continue cross-platform activity, Kenyon suggested “a separate, dedicated phone.”
Should TikTok be banned?
Kenyon said that since it is a “pathway for data to flow to China … I think absolutely [TikTok] should be banned”.
But Potter said he “very rarely advocates a ban”.
“I’m in favor of better regulation.”
Potter said Australia needs to be clear “that we expect social media companies operating in Australia to respect our standards of privacy and freedom of expression”.
“They need to be clear about how they operate. And if they are caught lying consistently, we need to have a way to hold these companies accountable.
Federal Home Affairs and Cyber Security Minister Clare O’Neil said in a statement that the Australian government “has this report and has been well aware of these issues for some years”.
“Australians need to be aware … that they are sharing a lot of detailed information about themselves with apps that do not properly protect that information.
“I hope it worries Australians because it certainly worries me.”
Australian influencers have vowed to stay on the app despite concerns about Chinese data collection.
The Internet 2.0 report will be presented on Monday at a US Senate hearing on TikTok. With 142.2 million users in North America, the US is “obviously the dominant market for this app.”
“I would expect TikTok to come under very tough questions about how the app works,” Potter said.
What does TikTok say about the report?
TikTok has dismissed the Internet 2.0 report as “baseless”.
A TikTok spokesperson said: “The TikTok app is not unique in the amount of information it collects … We collect information that users choose to give us and information that helps the app work, function securely and improve the user experience.
“The IP address is in Singapore, the network traffic does not leave the region, and it is categorically untrue to suggest that there is communication with China. The researcher’s conclusions reveal fundamental misunderstandings of how mobile apps work, and by their own admission, they do not have the correct testing environment to confirm their baseless claims.”
With Josh Taylor
Source / supertools – url-supertools – H-supertools – Keyword Tool – Check website – Ubersuggest – url – mp3 – mp4 – youtube – facebook.com – facebook