What are the main security concerns surrounding TikTok?
Computer science professor provides insight
TikTok is one of the most popular social media networks, but facing political scrutiny because it is owned by a Chinese company that some people worry could pass the data it collects to a growing rival.
Qi Liao, computer science faculty member and professor for Central Michigan University’s College of Science and Engineering, shared his expertise on what kind of data TikTok gathers, whether it is more invasive than other apps and how you can maintain your privacy while using it.
Q: What are the cybersecurity concerns behind the calls to ban TikTok?
The primary cybersecurity concern behind the recent movement calling to ban Tik Tok (as well as the one under the Trump administration in 2020) is that the parent company of Tik Tok, i.e., ByteDance (a Chinese Company), might share user data with the Chinese government which is considered an emerging rival power competing with the United States. Such data might be used for intelligence gathering and could threaten national security. That is why the proposed ban currently only applies to government-owned devices.
Q: What kinds of user data does TikTok collect that might surprise people?
Like many other social media companies, TikTok may collect a variety of user data such as:
- location data (user movement trajectory, places visited, daily routines, etc.)
- biometric data (face recognition, voice, fingerprints, etc)
- device data (device types, operating systems, owner information, etc)
- usage data (your favorite video, hobbies, personal interests, etc.)
- contact data (your friends, colleagues, and family’s phone numbers, emails and addresses)
- linked social media data (like your Facebook and Twitter accounts, friends and followers, etc.)
Q: How does that compare to the user data collected by competing social media platforms?
The main difference is that the app is owned by a Chinese company, which is less transparent than a U.S.-based company. No one really knows what kind of user data they are collecting as opposed to a U.S.-based company that may be subject to US government regulations and disclosure of data collection/usage policy.
Q: Are there apps that gather the kind of data that TikTok gathers that are not social media platforms?
Yes! Nearly all companies (not just social media platforms) collect users’ data. The number one is the online shopping companies (e.g., Amazon). They collect users’ browsing behavior and purchasing history and make recommendations to promote sales of their products. Weather and navigation apps (such as Google Maps) track your location data as well. Calling apps can access your contact information.
Q: Is there a way to use TikTok and other apps while also protecting data that you don’t want to be collected?
If it’s a reputable company, you can let them know you do not want to be tracked. There might be certain optional settings hidden somewhere that you can adjust (like in Facebook privacy settings). While installing an app, check the permissions it requires. If a calculator app wants to access your contacts or a picture editing app wants to access your microphone, that might be suspicious. That said, sometimes you can’t use an app without granting it all permissions. So, you may have to give up an app entirely, which might be a hard choice for normal users. While one may use VPN or other techniques to change location information, accurate location is essential for applications such as maps. Sometimes it is prudent to sign up for accounts with separate email addresses individually rather than signing up by linking your Google for Facebook accounts.
About Qi Liao
Qi Liao is a Professor in the Department of Computer Science at Central Michigan University. He received his M.S. and Ph.D. in Computer Science and Engineering from the University of Notre Dame and his B.S. and departmental distinction in Computer Science from Hartwick College in New York, with a minor concentration in Mathematics.
Liao’s research interests include computer security, anomaly detection, machine learning, visual analytics, and economics/game theory at the intersection of network usage and cybersecurity. Learn more about Liao’s work and research interests through his profile.