How to best manage the potential TikTok security risks

If you’re a social media app user then you probably use, or at least know about the Chinese short-form video-sharing app TikTok. Since its worldwide launch in 2018, the app has experienced phenomenal user adoption rates. A snapshot of current TikTok statistics offers details on how it has grown:

• The app has been downloaded 3 billion times.
• There are 1 billion active monthly users including 150 million U.S. users
• 5 million U.S. businesses, including many small businesses, use the platform for advertising and sales.
• TikTok has 7,000 U.S.-based employees.

All social media platforms collect and analyze user data, and TikTok is no different in this respect. The issue of concern is that TikTok is a wholly owned subsidiary of ByteDance, a Chinese technology company headquartered in Beijing. ByteDance appoints TikTok’s executives. As a Chinese company, ByteDance would likely have to comply with China’s 2017 National Intelligence Law which could be used to compel the company to turn over its users’ data. This is what distinguishes the TikTok data vulnerability risk from other social media platforms, especially those that must comply with U.S. privacy laws. Even if all TikTok user data was stored in the U.S., a goal that their management says they are pursuing, would ByteDance refuse a request for that data from the Chinese government? To illustrate why there is reason for worry, this past December TikTok confirmed that it had improperly tracked three Forbes Magazine journalists’ locations.

Chinese government access to users’ data is not the only concern. TikTok’s algorithm, which selects the information used to populate users’ feeds, might be used to distribute Chinese government propaganda or circulate misinformation designed to alter users’ political views. Data from Pixel, TikTok’s code snippet that businesses add to their websites to track user actions and behaviors, could also possibly be hijacked by Chinese government actors and used for nefarious purposes.

Will banning TikTok solve user vulnerability issues?

President Biden has already signed a bill preventing the use of TikTok by federal workers using devices owned by U.S. government agencies. Although it’s far from certain he will do so, the U.S. House Foreign Affairs Committee voted to give the President the power to issue a wider ban on TikTok. More than 30 states and several universities have instituted bans on using TikTok on state-owned devices or using university networks to access the platform. The red-colored states on the map below have instituted a ban on TikTok usage on state-owned devices as of the creation of this article.

States that have banned TikTok on state-owned devices

as of April 2023

Source: Wikipedia

In many instances, the statewide bans also encompass state-owned networks;public universities such as Auburn, the University of Oklahoma, the University of Texas, Boise State University, etc. won’t allow their students to access TikTok using campus Wi-Fi (although students can use cellular data to access the app). As illustrated in the chart below, college-age students are one of the groups that most widely use TikTok. In the most extreme example of banning the app, Montana is the first state in the nation to pass legislation banning TikTok on all personal devices.

TikTok Users by Age

2023

Source: DataReportal

According to a new Pew Research Center survey, more than twice as many Americans support a U.S. government ban of TikTok as oppose it (50% to 22%). How such a ban would be monitored or enforced is unclear. The chart below offers details from the recent Pew Research Center study.

More Americans support than oppose the U.S. govt. banning TikTok – but not a majority of TikTok users

% who ___ the U.S. government banning TikTok

Source: Survey of U.S. adults conducted March 20-26, 2023.
PEW RESEARCH CENTER

Once again we see from the results of this study that the app’s core user group, young people, are the group least inclined to support a ban. This recent article in the New York Times captures the thinking of much of this age group.

If you continue to use TikTok, take steps to protect yourself

Here are some suggestions that will make TikTok safer for you to use:

• TikTok users should make their accounts private.
• Allow only friends to send you messages. Don’t accept messages from strangers.
• Limit your account so that it’s searchable only by people you’ve connected with. Do this by turning off “Suggest Your Account to Others”.
• TikTok contains many other user settings that, if turned on, can make your personal data more accessible to bad actors. To avoid these vulnerabilities, spend time reviewing settings and turning off those features pertaining to suggesting content to others, allowing others to see the videos you like, etc. It’s also a good idea to use mobile antivirus software on your phone and other mobile devices.
• The TikTok app has digital well-being features, which will help you manage your screen time. The digital well-being features include Daily screen time, Screen time dashboard, Screen time break, and Restricted Mode. If you want more information on TikTok’s well-being features, check this out.
• The TikTok feature that allows others to download your videos should be turned off. You don’t want to worry about others downloading and saving your videos. You can turn the video download setting on or off by following these steps:
  • Tap Profile in the bottom right to go to your profile
  • Tap the 3-line icon at the top right to go to your settings
  • Tap Settings and Privacy
  • Tap Privacy, then tap Downloads
  • Tap next to Video downloads to turn on or off

• Limit comments to avoid cyberbullying. Don’t leave yourself open to malicious users to make unkind and disparaging comments about you or others.
• Enable logging into TikTok using Two-Step Verification.
• Don’t click on links. Cybercriminals might embed a link in a message that mimics a legitimate link but is not.
• You don’t have to establish a TikTok account to use the app. You can watch TikTok content while

Unfortunately, these security vulnerabilities are just the beginning. If you think your company might be at risk, reach out! With the expertise of our Cybersecurity Advisory Board, Zeektek can help guide you to become a safer and more secure organization. Email info@zeektek.com to get started.

Safe scrolling!

Zeektek is an IT staffing and solutions company located in the Greater Sacramento Area. Founded in 2016 by staffing industry veterans John Stuart and Chad Daugherty, Zeektek was formed under the most basic of principles and qualities – loyalty, good listening and honesty. Zeektek is intensely focused on people, community and technology. For these efforts, Zeektek has been recognized with numerous awards and ranked on several industry lists, including Staffing Industry Analysts’ Best Staffing Firms list. To learn more, go to www.zeektek.com.