Tiktok is a security threat

Before you sell yourself out silly on TikTok… Security experts repeatedly warn that this inanely entertaining app may have serious hacking undercurrents

CoVid-19, or the novel coronavirus disease, has brought Metro Manila to its knees, forcing Philippine President Rodrigo Duterte to place the capital and the main Luzon island under extended enhanced community quarantine (ECQ) for another two weeks after the initial month of quarantine lapses on April 14.

The viral disease has paralyzed school, work, and social activities, compelling people to stay at home. The government has allowed only essential sectors—such as hospitals, pharmacies, logistics, food production and delivery, and defense forces—to continue operating.

The ECQ has spawned an unexpected pastime among an increasing number of quarantined Filipinos—TikTok. Along with other social media platforms like Facebook or Instagram, TikTok has been used to fight boredom and ease the fears and anxieties of a population facing a new, deadly, and unseen enemy.

A social media video-sharing app, TikTok has gained popularity among people of all ages, especially millennials across the world, especially in social media-savvy Philippines and the United States.

TikTok has achieved more than a billion downloads globally in just three years after its launch in 2016, becoming the most downloaded app in 2019, the downloads from China, where it originated, not included.

Starting off as Douyin in China, TikTok was made and developed by Beijing-based technology firm ByteDance.

While ByteDance clarifies that the Chinese government does not influence its operations, the firm showed that it still must follow state regulations.

For example, in 2018, ByteDance shut down its popular Neihan Duanzi (inside jokes) app because of its vulgar content, after being pressured by the Chinese government.

To fortify its compliance with government policies, ByteDance founder Zhang Yiming, in a letter, wrote that his firm was committed to working with the Chinese government. The letter said that ByteDance would:

“Further deepen its cooperation with authoritative (state-owned) media, elevating distribution of authoritative media content, ensuring that authoritative media voices are broadcast to strength.”

ByteDance’s privacy policy also warned users before that it could share their information with its Chinese businesses, as well as law enforcement agencies and public authorities if legally required to do so. 

Last year in February, the US Federal Trade Commission (FTC) penalized ByteDance $5.7 million for illegally collecting information from minors. The amount is one of the largest fines in FTC’s history.

Later last year, the Chinese firm received a class-action lawsuit for violating laws related to data gathering and the right to privacy. The lawsuit accused the company of collecting biometric data like facial scans from videos, and transmitting them from the United States to China.

At the beginning of 2020, Israel-based cybersecurity company Check Point found vulnerabilities in TikTok that could be exploited by cybercriminals, who could send users malicious links, exploit user data, disclose information, and hack TikTok accounts. 

In March, US authorities warned about TikTok’s potential security risk. The Federal Bureau of Investigation (FBI), Justice Department, and Homeland Security faced the US Senate, saying that the app could be exploited by China.

FBI Cyber Division Deputy Assistant Director Clyde Wallace explained that Chinese apps like TikTok may retrieve personal data. These include biometrics, bank and credit card details, contact lists, and location data, all of which can be transmitted to other locations and entities.

ByteDance continuously claims TikTok data outside China cannot be accessed by the Chinese government. However, its deep association with China as a Chinese-based firm remains undeniable.

In addition, the series of events during the past months show the potential security risks linked to using the app. The scarier part is, most TikTok users include children and teenagers who may not be conscious about staying secure while on the Internet.