clock menu more-arrow no yes mobile

Filed under:

Do you really need to worry about your security on TikTok? Here’s what we know.

You may be wondering how an app for sharing viral lip-syncing videos poses a national security threat.

A hand holds up a phone displaying the TikTok logo in front of a building. Yan Guolin/VCG via Getty Images
Shirin Ghaffary is a senior Vox correspondent covering the social media industry. Previously, Ghaffary worked at BuzzFeed News, the San Francisco Chronicle, and TechCrunch.

Last week, President Trump seriously escalated his threats toward the social media app TikTok, which he has accused of posing a threat to national security. If the Chinese-owned app doesn’t sell to an American company in 45 days, it will effectively be banned in the US.

You may be wondering how an app that’s best known as a place where teenagers post viral lip-syncing videos poses a national security threat. That largely comes down to the fact that TikTok is owned by a Chinese company, ByteDance. The US government worries the app could be used not only to surveil US users but to censor political speech and spread misinformation that could hurt democracy in the US.

Many of TikTok’s users and creators haven’t been deterred by government warnings. Take Laura Lee Watts, who posts skin care and makeup reviews on the app and has about 2 million followers. What she’s worried about is losing access to TikTok.

“As a civilian, I’m not concerned about it all,” Watts told Recode. “Even if the Chinese government had my information, what are they going to do with it?”

While Watts’s data might not expose anything sensitive, she’s just one of the app’s 100 million US users. Several cybersecurity experts told Recode that the app could pose a risk — if indeed the Chinese government forced TikTok to share data. Beijing has been accused of employing hackers to uncover all kinds of intellectually sensitive information in the US and other countries, from Covid-19 vaccine research to defense secrets. So it’s not a complete stretch to consider how certain TikTok users could be exploited — say, a defense contractor who uses TikTok for fun but whose phone could have other hackable, sensitive data on it.

“There are reasonable concerns on the security side,” Adam Segal, a cybersecurity expert at the Council on Foreign Relations, told Recode. “But the issue is, how do you address them, and what precedent are you setting?”

Some people have speculated that the president is targeting TikTok to retaliate against the app’s users that recently pranked Trump’s June campaign rally in Tulsa, Oklahoma, by reportedly registering thousands of tickets that they didn’t end up using. But TikTok isn’t the only Chinese-owned company to become a Trump target. In the recent past, he has halted Chinese development of 5G networks in the US, and he’s banned a Chinese company from buying the dating app Grindr. And last week, he issued an executive order that threatens to ban the popular messaging app WeChat, owned by the Chinese mega-company Tencent. Unlike TikTok, there’s no plan for WeChat to sell to a US bidder, making it a potentially more impactful part of Trump’s crackdown.

Viewed together, Trump’s threats to ban TikTok and WeChat are part of his administration’s broader strategy of being tougher on China.

There are two related issues driving the conflict. The first is the US government’s concern that the Chinese government could force companies like TikTok’s ByteDance to surveil Americans. This is a worry shared by Republicans as well as some leading Democrats, like Sen. Richard Blumenthal. The second issue is the Trump administration’s perception that China is trying to take over the global technology industry, which has long been dominated by American powerhouses. For years, the Chinese government has banned major US tech companies like Facebook and Google from doing business in the country, and now the US is starting to reciprocate by banning Chinese apps.

“Tech is one of the most important battlegrounds for the China-US cold war because wrapped up in tech is the conversation of economic competitive strength and values,” said Segal.

There’s a lot that we don’t know about what risks Chinese-owned apps like TikTok pose to US citizens, since much of this information is considered classified American intelligence. But whether the risks are small or significant, the recent debates over what to do with TikTok and WeChat are part of what some are calling a new cold war between China and the US, with the US positioning itself as the moral leader upholding an internet that adheres to values of free speech, in contrast to the Chinese Communist Party, which regularly enforces strict censorship online.

What we know — and don’t know — about national security concerns

Trump has accused ByteDance and other Chinese tech companies like WeChat of posing serious threats to US national security.

The concern is that TikTok could funnel American users’ personal data to the Chinese Communist Party, “potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” according to Trump’s recent executive order. The order makes it illegal for any person or company in the US to do business with TikTok after September 20. If TikTok sells to a US company before then, the ban will no longer apply.

So what’s actually going on? It’s true that TikTok automatically collects reams of user data, including location and internet address, searching history within the app, and type of device being used, according to its privacy policy. But many other popular social media apps do this, too. (TikTok has said that it collects less data than its competitors, like Facebook and Google, because it doesn’t track user activity across devices, which both companies do.)

Last month, a report found that TikTok was accessing users’ clipboard data and saving what people copy and paste. TikTok said this was an anti-spam measure and that it’s now stopped the practice. But TikTok wasn’t the only app found accessing clipboard data; several other major apps, from ABC News to HotelTonight, were found to be accessing people’s clipboard data as well.

TikTok also sidestepped a privacy safeguard in Google’s Android operating system to secretly track users’ “MAC addresses,” which are unique identifiers tied to people’s phones, according to a recent Wall Street Journal report. TikTok seems to have stopped tracking these identifiers in November, the Journal reported.

But aside from the specifics of what TikTok does and doesn’t track, politicians like Trump are worried that, ultimately, TikTok is beholden to the Chinese government. And the Chinese government has broad authority, significantly more so than the US government does, to snoop on users’ data as it pleases.

TikTok has repeatedly denied that it has or ever would give up user data to the Chinese government. The company says it stores American user data on servers in the US and Singapore, which ostensibly would make it harder for the Chinese government to tap into. The company has also taken measures to separate its US business overall from its Chinese parent company. For example, TikTok doesn’t operate in China (the Chinese version of it, Douyin, does).

The CIA reportedly investigated TikTok’s security threat and found no proof that Chinese intelligence authorities have been snooping on Americans through TikTok, according to the New York Times. The agency’s assessment still found that Chinese authorities could potentially tap into Americans’ data through the app, according to the Times’s summary of the classified report. That’s why last December, the Department of Defense cautioned military personnel to delete TikTok from their smartphones over security concerns. And the Senate voted unanimously to ban federal employees from using TikTok on government devices last week.

“There’s no publicly available evidence that TikTok has ever done anything wrong,” said Segal, “but the concern is that because the Chinese National Intelligence Law of 2017 says any Chinese company can be drafted into espionage, a company could be forced to hand over the data.”

TikTok’s efforts to separate its US business from its parent company’s Chinese operations are not enough to placate the growing intensity of anti-China hawks in Trump’s administration. And there doesn’t seem to be much TikTok can do — other than sell to a US company like Microsoft, which is the frontrunner out of a few major US companies that are reportedly in talks to buy TikTok’s US operations.

A second area of concern is that apps like TikTok and WeChat censor content that the Chinese Communist Party disapproves of. On this front, there are more documented concerns, especially about WeChat.

WeChat has been found to intercept and censor political messages sent by Chinese users to US users. A report in May by Canadian researchers CitizenLab found that the app was blocking certain messages, including a political cartoon depicting the late Nobel laureate Liu Xiaobo, who was critical of the Chinese government. The report also found that WeChat was analyzing messages sent by international users, including those in the US, to scan for and block politically sensitive content before it could circulate among Chinese users.

With TikTok, there have been accusations — without definitive proof — of censorship at the behest of the Chinese government. Last year, internal company documents showed TikTok was instructing its staff to moderate content in line with the Chinese government’s censorship of topics like the Tiananmen Square massacre and Free Tibet, according to leaked guidelines published by the Guardian. But these guidelines were part of broad rules against controversial discussions on international politics across countries, so there’s no explicit proof that this was a directive from the Chinese government to TikTok. Another oft-cited concern about potential political censorship on TikTok is that during last year’s Hong Kong independence protests, there weren’t a lot of results for popular hashtags of the protest movement. But there’s no proof that the company was actively censoring content or whether people just weren’t posting about it.

The US’s escalating trade war with China over tech

It’s important to put all of this in context. TikTok and WeChat’s political troubles in the US don’t exist in a vacuum, but rather inside a larger web of complex China-US politics. Since 2018, Trump has waged a trade war with China over free trade policies that he feels disadvantage US manufacturing. And increasingly, tech has become tangled up in this war, involving Chinese-owned dating apps, drone companies, and telecom hardware makers.

“There is no bottom to the US-China relationship right now; it keeps getting worse and worse,” Segal told Recode. “The administration is looking for more and more ways to contain, hurt, and damage China.”

And technology, which has helped dramatically strengthen the Chinese economy in the past few decades, is seen as one of the most important areas of competition.

Last August, as China and the US were escalating tit-for-tat tariff increases on imported goods from each country, Trump issued an executive order aimed at the Chinese telecommunications giant Huawei over concerns that the company was a cybersecurity threat. Trump gave Huawei a partial death penalty in the US by putting it on an “entity list” barred from doing business with US companies.

Huawei is a big deal outside of the US. It sold 250 million phones last year — that’s more than Apple. So the Trump administration’s effective ban had ripple effects. Google had to stop running its Android operating system on Huawei phones and killed its plans to build a smart speaker with the company. The US government’s restrictions also rolled back Huawei’s plan to manufacture equipment to build out a massive 5G internet network in the US, which the Trump administration worried the company could use to intercept data on behalf of the Chinese government. The US has since offered a reprieve to US companies, allowing them to work with Huawei through temporary licenses on setting 5G standards.

Even Chinese-owned dating apps have attracted the US government’s attention. Last April, the US government undid a deal that had sold the popular dating app Grindr to Chinese owners, citing national security concerns. The decision came from a little-known government agency, the Committee on Foreign Investments in the US (CFIUS), which reviews the national security risks of major transactions involving foreign corporations. CFIUS has similarly been reviewing the 2017 merger that led to TikTok’s creation, when ByteDance acquired the user base of the lip-syncing app and rebranded it as TikTok.

Some of the Trump administration’s targets seem to pose a more obvious security threat: roaming drones that could be tapping video feeds and surveilling US turf. The Trump administration is reportedly considering issuing an executive order banning the Chinese drone manufacturer DJI, the most popular drone maker in the world, whose equipment is commonly used for military and rescue purposes. The US Department of the Interior has already grounded at least 800 DJI drones out of fear that the Chinese government could exploit them to spy on Americans. Last month, researchers found major flaws in DJI’s security features, which collected “large amounts of personal information that could be exploited by the Beijing government,” according to the New York Times.

The consequences of these mounting tensions over Chinese-owned tech could have a number of side effects. An obvious possibility is that China could retaliate. The US’s actions could also give other countries precedent to start cutting off their app markets from US companies — for example, a European country could, citing privacy concerns, bar its citizens from accessing Facebook. Either would be bad for the US economy in the long run, said Bobby Chesney, a professor at the University of Texas who specializes in national security law.

But, Chesney stressed, the US isn’t making the first move here. American companies have long been banned in China, where companies that started off by building copycats of major US tech apps — Baidu is China’s answer to Google, Didi its Uber, Weibo its Twitter — have grown into tech powerhouses. US social media companies have tried, unsuccessfully, to enter the Chinese market.

“Good luck running Twitter in China,” said Chesney. “The playing field is very much not level in the other direction.”

What’s next

Trump has given both TikTok and WeChat a September 20 deadline before his executive orders will be enforced. If TikTok and WeChat don’t follow these orders by then, their business operations could be fined $300,000 per violation, and “willful offenders” could face criminal charges. TikTok is reportedly planning to sue the administration over the legality of the order.

If TikTok sells its US operations to an American company in a manner that’s approved by the Trump administration, it would steer clear of further regulation. The process of unwinding TikTok from its Chinese owner could be a messy process and take up to a year, according to a report from Reuters, but it would leave TikTok’s valuable US user base intact.

For WeChat, there’s no such known escape (for now) from the regulatory crackdown because there are no publicly known potential US buyers. That could mean that some 19 million Americans who use the app will be cut off from it by the end of next month. Many US WeChat users use the app to communicate with family overseas in China, where many other communication apps like Skype and WhatsApp are blocked.

But regardless of what happens with WeChat and TikTok, the Trump-China tech war will likely continue. According to policy analysts, it’s hard to see a world in which Trump backs down from these escalating restrictions on the Chinese tech sector in the US. And even if Joe Biden wins the presidency, the Democratic candidate has still taken a notably tougher stance on China than in his earlier days in the Obama administration.

The Trump administration is picking new targets beyond TikTok and WeChat — and the videoconferencing app Zoom, which has become nearly ubiquitous during the coronavirus pandemic, could be next. Though Zoom is an American company, it has faced criticism for routing some of its US calls through Chinese servers (Zoom said this was a mistake and is no longer routing free video calls in China). Politicians including House Speaker Nancy Pelosi, who referred to the company as a “Chinese Entity,” have warned of its security risks.

Several analysts told Recode that some of the concern about TikTok and other Chinese technology companies is valid. But the way the TikTok order in particular has been executed — with Trump going back and forth on whether he’d approve a TikTok-Microsoft sale, and at one point demanding a cut of the deal — has been haphazard and has given the global business community a sense of distrust toward the US government.

The uncertainty has also impacted TikTok creators like Watts.

“For these kids, it’s their whole life,” said Watts of creators on TikTok. In recent weeks, she has put out videos attempting to calm her fans and fellow creators, who worry the app could be shut down overnight. She’s hopeful that Microsoft will reach a deal to buy TikTok. She said she understands the Trump administration’s concern that TikTok could be used as a Chinese spy app — but she isn’t convinced.

“It’s not that I disagree, but I think there’s a presumption of guilt without any proof,” said Watts.

Will you become our 20,000th supporter? When the economy took a downturn in the spring and we started asking readers for financial contributions, we weren’t sure how it would go. Today, we’re humbled to say that nearly 20,000 people have chipped in. The reason is both lovely and surprising: Readers told us that they contribute both because they value explanation and because they value that other people can access it, too. We have always believed that explanatory journalism is vital for a functioning democracy. That’s never been more important than today, during a public health crisis, racial justice protests, a recession, and a presidential election. But our distinctive explanatory journalism is expensive, and advertising alone won’t let us keep creating it at the quality and volume this moment requires. Your financial contribution will not constitute a donation, but it will help keep Vox free for all. Contribute today from as little as $3.

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.