TikTok continues to gain steam and the popular social media app will surpass one billion users by 2022. As daily users happily scroll through the latest videos from their favorite content creators, data security concerns continue to beg questions for the Chinese social media giant.
The company has faced criticism over the past two years related to the security of data collection policies, despite its popularity and prolific onboarding of users around the world. Cryptocurrency users have also questioned that critical data, such as wallet private keys, could be stripped by TikTok’s alleged data practices.
US Federal Communications Commissioner Brendan Carr has called on Apple and Google to remove TikTok from their app stores by June 2022, claiming the app “harvests swathes of sensitive data that new reports say is accessed in Peking.”
TikTok is not just another video app.
That’s the sheep’s clothing.It harvests swaths of sensitive data that new reports show are being accessed in Beijing.
I’ve called on @Manzana & @Google to remove TikTok from their app stores for its pattern of surreptitious data practices. pic.twitter.com/Le01fBpNjn
— Brendan Carr (@BrendanCarrFCC) June 28, 2022
TikTok is not just another video app.
It’s lambskin.It collects swathes of sensitive data that new reports say is being accessed in Beijing.
I have asked @Apple and @Google to remove TikTok from their app stores for its pattern of surreptitious data practices.
Two years earlier, the cyberintelligence company Check Point Research published a report highlighting vulnerabilities in the TikTok app. This included the ability to take control of TikTok accounts and manipulate their content, remove and upload unauthorized videos, make “hidden” private videos public, as well as gain access to private email addresses and mobile numbers.
The company shared these discovered exploits with TikTok in late 2009, and the company deployed fixes for the vulnerabilities. Check Point Research told Cointelegraph that it has not conducted any further investigations into the TikTok code since its original examination.
TikTok uses HackerOne to reward code sleuths through its bug bounty program. The initiative rewards the discovery of security vulnerabilities, with different reward bands depending on the severity of the flaw discovered. Since the current bounty table was instituted in October 2021, TikTok has paid out $539,000 in bug bounties.
Cointelegraph has contacted TikTok to comment on concerns expressed about its security and data collection practices. A company spokesperson shared a wide range of published resources that address the subject of its data collection practices and the claims against it.
TikTok stores user data in Singapore and the United States and employs access controls including encryption and security monitoring by its US-based security team.. Access to this data is behind a series of control mechanisms and the company maintains that user data is not accessible in China, as people such as the FCC’s Carr in the United States have claimed.
The spokesperson also noted that the app’s clipboard access is controlled by the user, rather than a Financial Review report from July 2022 that claimed this feature was automatically enabled by TikTok. This could compromise any sensitive messages or passwords copied to the user’s clipboard.
Coins are safe, but phishing is a reality
Cryptocurrency users can rest easy as security experts agree that using or owning TikTok on a mobile device does not directly put cryptocurrency wallets and exchange apps at risk.
Bree Fowler has been following TikTok data concerns as a senior cybersecurity and privacy writer for CNET for the past two years. The journalist believes that TikTok users shouldn’t worry about using other apps alongside TikTok, telling Cointelegraph:
“State-sponsored hackers aren’t going to target regular people like this. I’d be more concerned with suspicious cryptocurrency apps and exchanges. It’s much easier to send phishing emails.”
Fowler warned users that prevent TikTok from tracking activity across a device as an added precaution, review app privacy permissions, and store crypto in offline (cold) wallets.
Cointelegraph also contacted Kaspersky company security expert Anna Larkina, who believes the questions being asked about TikTok’s data collection policies are well founded:
“The amount and type of data that TikTok collects about its users imposes a corresponding degree of responsibility for their security. Maximum transparency does seem necessary as to the exact destination of this data, especially if we are talking about third parties, which is extremely difficult. to track.”
Larkina pointed out that the sum of all this data contains a substantial amount of information about an individual user, so the potential cost of a data breach should not be taken lightly.
The biggest threat noted by both experts is the potential for user data to be compromised and then used in coordinated phishing attacks. With the amount of information stored by TikTok, including the apps installed on the device, attackers could plan targeted attacks on individual users.
Larkina has also warned users not to copy and paste login details and passwords onto devices that have TikTok installed and to limit the app’s ability to collect data.
Politically charged situation
Politics has been inextricably linked to the situation around TikTok and its popularity and usage around the world. The administration of former US President Donald Trump moved to ban TikTok and WeChat from operating in the US, pushing the issue to the fore.
Fowler believes it is unclear whether the concerns raised over the last two years are justified and that there are also political motivations at play. Although most associate TikTok with harmless videos that have captivated young audiences, Fowler is skeptical about the situation:
“At first glance, that doesn’t seem super personal or that it could be of any use to the Chinese government. But the more information any group or person has about you, the more they can use it to their advantage, whether it’s for data mining, cybercrime or for more nefarious purposes.”
Given the huge reach of TikTok, the platform has also become a prime advertising avenue for the cryptocurrency space. Binance made headlines in June 2022 by striking an ambassador deal with TikTok’s most followed influencer, Khaby Lame, to create Web3-focused educational content.
The platform also entered the non-fungible token (NFT) universe with its own collection of NFTs from a handful of its most prominent content creators, celebrities and influencers in September 2021.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.
