The video app’s users have been warned about its data practices and ties to China. Can you keep your information safe?
Cybersecurity experts have warned TikTok users in Australia that the Chinese government could use the app to collect personal information ranging from in-app messages with friends to precise device locations.
The warnings come in the wake of a report by the Australian-US cybersecurity firm Internet 2.0, which discovered that the most popular social media app of the year collects “excessive” amounts of data from its users.
Here’s everything you need to know about TikTok’s data collection and how to keep your information safe.
What’s different about the way TikTok collects data?
TikTok’s data collection methods include the ability to collect user contact lists, access calendars, scan hard drives including external ones and geolocate devices on an hourly basis.
“When the app is in use, it has far more permissions than it really needs,” said Robert Potter, co-CEO of Internet 2.0 and one of the report’s editors.
“By default, it grants those permissions. When a user does not grant it permission … [TikTok] persistently inquires.
“If you tell Facebook that you don’t want to share something, it will never ask you again. TikTok is significantly more aggressive.”
The app’s data collection practices were labeled “overly intrusive” in the report, and their purpose was questioned.
“The application can and will run successfully without collecting any of this data. This leads us to believe that this information was gathered solely for data harvesting,” it concluded.
Most of the concern in the report focuses on permissions sought on Android devices, because Apple’s iOS significantly limits what information an app can gather. It has a justification system so that if a developer wants access to something it must justify why this is required before it is granted.
“We believe the justification system iOS implements systematically limits a culture of ‘grab what you can’ in data harvesting,” the report states.
Does TikTok have connections with the Chinese government?
TikTok is owned by the Chinese multinational internet company ByteDance, which is headquartered in Beijing. Founder Zhang Yiming sits at No. 28 on Bloomberg’s billionaires index.
ByteDance has denied a connection to the Chinese government in the past, and called the claim “misinformation” after various leaks suggested it censors material that does not align with Chinese foreign policy aims or mentions the country’s human rights record.
“They are consistent in saying their app doesn’t connect to China, isn’t accessible to Chinese authorities and wouldn’t cooperate with Chinese authorities,” Potter said.
But he said Internet 2.0’s research found “Chinese authorities can actually access device data”. By sending tracked bots to the app, Internet 2.0 “consistently saw … data geolocating back to China”.
Potter has said it wasn’t clear what data was being sent, just that the app was connecting to Chinese servers.
This month TikTok Australia admitted its staff in China were able to access Australian data.
“Our security teams limit access to data to people who need it to do their jobs,” Brent Thomas, the company’s Australian director of public policy, wrote in a letter. The letter was written in response to Senator James Paterson, the opposition’s spokesperson on cyber security and foreign interference. According to Thomas, no Australian data has ever been given to the Chinese government.
Are you at risk?
Under China’s national security laws Chinese companies are, upon request from the government, required to share access to data they collect.
“You’re in a different digital ecosystem when you’re on a mainstream Chinese app,” Potter said. And “who you are” may determine the “level of risk” you are taking.
At an individual level, the average user might not be at immediate risk, Potter said. “But if you’re involved in something more sensitive or discussing topics that are sensitive … you’ve become very interesting to them very quickly.”
A dissident in the Chinese diaspora community, or a critic of the Chinese government, might be “extremely concerned about their personal cyber security” on TikTok, Paterson said.
TikTok told a 2020 Senate committee on foreign interference on social media that any request for Australian user data would need to go through a mutual legal assistance treaty process.
Other governments also use their national security laws to gain access to user data from TikTok. TikTok publishes a half-yearly transparency report for data requests from governments.
China is not on the list, but the list shows that Australian governments made 51 requests for data related to 57 user accounts in the second half of 2021, with TikTok complying 41% of the time. The US made 1,306 requests for 1,003 accounts and received data 86% of the time.
How can I protect my data?
TikTok has 7.38 million users over the age of 18, making it the most downloaded mobile entertainment app in Australia.
Potter recommends being “specific and granular about the level of permissions shared with the app” if you decide to continue using TikTok.
Set permissions manually via in-app settings and in the device’s settings. Tom Kenyon, a director of Internet 2.0, also urged users to monitor those permissions regularly. “In any update, they can change access to permissions. It’s not set and forget.”
Potter said users should continue to “ignore requests for sharing information”. He also urged young people to avoid using TikTok for “general messaging”.
“If you want to share videos and look at cats, sure, go your hardest. If you’re going to have a conversation with your friends about your sexual orientation, or human rights, I’d be very wary.”
Kenyon said young people just starting their careers should think beyond the short term.
He also urged senior public servants, public officials and members of parliament to “delete TikTok and other social media”. While the data already collected will not disappear from TikTok’s database, deleting the application will stop further data collection. For those who want to remain active across platforms, Kenyon suggested “a separate, dedicated phone”.
Should TikTok be banned?
Kenyon said that as it is an “avenue for data to flow to China … I absolutely think [TikTok] should be banned”.
But Potter said he is “very rarely in favour of bans”.
“I am in favour of better regulation.”
Potter stated that Australia must make it clear that “we expect social media companies operating in Australia to respect our privacy and free speech norms.”
“They must be transparent about how they operate. And if companies are caught lying on a regular basis, we need a way to hold them accountable.”
According to Clare O’Neil, the federal minister for home affairs and cyber security, the Australian government “has this report and has been well aware of these issues for some years.”
“Australians need to be mindful … that they are sharing a lot of detailed information about themselves with apps that aren’t properly protecting that information.”
Australian influencers have vowed to stay on the app despite concerns about Chinese data harvesting.
The Internet 2.0 report will be presented on Monday to a US Senate hearing on TikTok. With 142.2 million users in North America, the US is “obviously the dominant market for this app.”
“I would expect TikTok will come under very hard questions about how the app operates,” Potter said.