Are TikTok and Other Chinese Apps Really Stealing Your Data?

2 years ago

With governments starting to ban Chinese apps, you may be wondering: do you need to remove Chinese apps from your phone?

The threat of online surveillance is never far away in the 21st Century, between data breaches, government data collection, and invasive social media accounts. Now, the government is telling you to uninstall Chinese-developed apps as they may form part of an enormous spyware platform, gathering data in every country around the world.

With TikTok bearing the brunt of the spyware allegations, should you begin removing Chinese apps from your smartphone? Are Chinese apps stealing your data?

Why Is The US Banning Chinese Apps?

For a long time, Chinese-developed apps and software have been suspected of acting as spyware. These apps allegedly collect user data, which is sent back to the Chinese government via technology corporations. Many suspect the tech companies are working hand in hand with the Chinese government, given the political structure in the country.

Why Is The US Banning TikTok?

At the forefront of the allegations is TikTok, the video-sharing social media platform that has taken the world by storm. TikTok has been downloaded over 2 billion times and has an estimated 800 million active users, the majority of whom fall into the 18-30 age bracket.

On Thursday, August 7, 2020, President Trump issued an executive order effectively banning TikTok in the US. The order specifically targets TikTok's owner, ByteDance, and forbids any "transactions" with the company, coming into effect 45 days after the publication of the order.

The nationwide ban comes into effect after TikTok was banned from all government devices, including those of government officials and military personnel.

Are Chinese Apps Stealing Your Data?

The big question: if you install a Chinese app, will it steal your data? Almost every allegation leveled at these apps focuses on data theft, the TikTok app being a prime example.

Security researchers began investigating TikTok's data collection practices as far back as March and April 2020. A Reddit post on April 9 by user bangorlol provided an analysis of a reverse engineering attempt on the TikTok app version that was active at the time. The verdict was that "TikTok is a data collection service that is thinly veiled as a social network" and that "TikTok is essentially malware."

It is a relatively detailed analysis by a user that claims to reverse engineer apps for a living, so the post caught a huge amount of attention. However, the original post doesn't explore and explain any specific reasoning behind the claims and instead segues into other issues with the app, such as view and viral video manipulation.

Since then, however, questions regarding TikTok's apparent data theft have amplified. Other security researchers are not so sure that TikTok is as malicious as the media and certain government figures are portraying.

For example, take security expert Mike Thompson, who says "I'm yet to see a documented, material threat . . . It's no more than the usual bluster over a new app designed to help people connect. Yes, it comes with a risk, but it's no worse than the myriad other social networking communities."

Similarly, respected security researcher Baptiste Robert (@fs0c131y) concludes that "As far as we can see, in its current state, TikTok doesn't have a suspicious behavior and is not exfiltrating unusual data."

TikTok Collecting User Data Through Unusual Encryption

Then, in mid-August 2020, it emerged that the TikTok app had collected device MAC addresses, skirting protections in both iOS and Android designed specifically to protect against such collection. The app collected MAC addresses for around 15 months, halting the practice in November 2019 as scrutiny into the security of TikTok increased.

Your device MAC address is a unique device identifier assigned to every network adapter. Collecting the MAC address for every device is a powerful identification tool, as the MAC address never changes. (Yes, there are ways to spoof and alter a MAC address, but most regular TikTok users are not pursuing such activities.)

As the MAC address never changes, it allows significant profiling of an individual user and their habits. Given the other worries regarding TikTok, the combination was clearly a significant issue, creating a long-term tracking method with zero opportunity to opt out of data collection.
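The following is an added illustration, not code from the article or from any of the analyses it cites. It shows why a fixed hardware identifier removes the opt-out that a resettable advertising ID is meant to provide; the records, field names, and identifier values are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample records (not real telemetry); field names are hypothetical.
# Device A resets its advertising ID twice but reports its factory MAC each time.
# Device B reports OS-randomized MACs, which change between observations.
EVENTS = [
    {"day": 1, "ad_id": "aaaa-1111", "mac": "3c:5a:b4:12:34:56"},
    {"day": 2, "ad_id": "aaaa-1111", "mac": "3c:5a:b4:12:34:56"},
    {"day": 3, "ad_id": "bbbb-2222", "mac": "3c:5a:b4:12:34:56"},  # ad ID reset
    {"day": 4, "ad_id": "cccc-3333", "mac": "3c:5a:b4:12:34:56"},  # reset again
    {"day": 1, "ad_id": "dddd-4444", "mac": "da:a1:19:00:00:01"},
    {"day": 2, "ad_id": "eeee-5555", "mac": "9e:10:22:00:00:02"},
]


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set, as in OS-randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def days_linked(events, key):
    """Group observation days under each value of the chosen identifier."""
    groups = defaultdict(list)
    for event in events:
        groups[event[key]].append(event["day"])
    return dict(groups)


def longest_history(events, key):
    """Longest run of observations tied together by a single identifier value."""
    return max(len(days) for days in days_linked(events, key).values())


def ad_ids_joined_by_hardware_mac(events):
    """Map each factory-assigned MAC to every advertising ID seen alongside it."""
    joined = defaultdict(set)
    for event in events:
        if not is_locally_administered(event["mac"]):
            joined[event["mac"]].add(event["ad_id"])
    return dict(joined)


if __name__ == "__main__":
    print("longest history by ad_id:", longest_history(EVENTS, "ad_id"))
    print("longest history by mac:  ", longest_history(EVENTS, "mac"))
    print("ad IDs joined by MAC:    ", ad_ids_joined_by_hardware_mac(EVENTS))
```

Resetting the advertising ID splits Device A's history into separate short profiles, while the factory MAC ties all four days and all three advertising IDs back together; Device B's randomized addresses provide no such join.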

The information comes from a Wall Street Journal investigative piece that analyzed nine versions of the TikTok app, released between April 2018 and January 2020. The analysis somewhat confirmed the findings of other security researchers. TikTok doesn't collect an outrageous amount of data beyond what you might expect from a social media app.

However, the WSJ research also confirmed much of Reddit user bangorlol's post from April 2020: ByteDance wraps most of the user data it sends in an unusual encryption type, above and beyond the standard protection afforded by SSL/TLS. Is it to provide extra user security? Or to obfuscate what TikTok was sending to ByteDance's servers?

If ByteDance were using MAC addresses for identification and tracking, it would explain the extra encryption layer. The encryption would stop Google and Apple from analyzing data traffic, keeping the MAC address and other data collection off the radar.

Is This Different From Other Social Media Platforms?

Another consideration is that Facebook, Twitter, Instagram, and so on, all perform the exact same actions as TikTok. That is, hoover up user data, create detailed user profiles, and target those profiles with advertising. Grabbing information regarding the device operating system, screen resolution, device model, and similar data is par for the course with social media apps.

However, the Chinese apps allegedly scoop more data than necessary. Jon Callas, a senior technology fellow with the ACLU, says, "Chinese apps are frequently far more abusive than others---and we hate the others."

By extension, you must consider what these technology giants can do with this amount of data. You only have to look back at the Cambridge Analytica scandal to see the dangerous power of enormous social media datasets. With TikTok being the first Chinese social media app to take the world by storm and to penetrate every Western country and level of society, the potential for malicious data collection is plain to see.

Are Other Countries Banning Chinese Apps?

The list of banned Chinese apps depends on your locale. As you read, the US is banning transactions with TikTok's parent company, ByteDance. However, the US isn't the only country banning TikTok, or indeed, Chinese-developed apps.

In early July 2020, India banned TikTok and over 50 other Chinese apps, stating that the apps are "prejudicial to [the] sovereignty and integrity of India, defence of India, security of state and public order." Although the Indian government cites the security and privacy risk, the move is part of a wider response to an earlier incident at the Chinese/Indian border in the Ladakh region, resulting in multiple casualties.

Included in the ban are the popular messaging app WeChat, the microblogging platform Weibo, and the popular Android game Clash of Kings.

At the time of writing, very few other countries are banning Chinese apps (Australia is considering banning TikTok and has already banned Huawei and ZTE).

Huawei 5G Infrastructure Ban

However, in July 2020, the UK announced it would ban the Chinese telecom giant, Huawei, from its 5G networks. The UK government also pledged to remove any existing Huawei technology from its 5G infrastructure by 2027. The move follows months of lobbying both domestically and internationally to not only reduce Huawei's role in critical national infrastructure but to remove it entirely.

France Investigates TikTok

Similarly, while writing this article, a spokeswoman for the French data watchdog, CNIL, confirmed it was opening an investigation into TikTok. Specifically, the investigation will analyze how TikTok handles user data under the EU's GDPR data protection framework, which affords European Union citizens extra data protection.

Are US Bans On Chinese Apps Fair Game?

The US (and the other Five Eyes governments) making bold claims about data collection is hypocritical at best, and utterly laughable at worst. It wasn't so long ago that the world was reeling from Edward Snowden's revelations regarding PRISM, XKeyscore, ECHELON, and other global data collection programs.

These programs didn't use apps as spyware, instead scooping up vast reams of data from the major data connection cables between countries (such as Tier 1 service provider networks or undersea cable infrastructure).

Furthermore, these programs are still active and have been renewed multiple times by the US government (with collaboration from allied governments).

Still, the water flows both ways. The Chinese government bans access to many major US tech companies, including Google, Facebook, Twitter, Instagram, and even TikTok (the Chinese version of TikTok is named Douyin and shows different content). Furthermore, the Chinese government censors Western news sources, video streaming services, and more.

The reasons for censoring differ, but both seek the same goal: "protecting" citizens from a foreign government.

Should You Delete Chinese Apps From Your Phone?

You no longer have much choice in the matter, given the Presidential Executive Order, but you could probably have reached a decision without interference. If you're going to keep using TikTok, assume that your data is insecure and that the app could compromise you in other ways.

The problem is that any conversation involving China, the US, government adversaries, spying, and data collection is difficult to keep tabs on. It doesn't boil down to "China = bad, so delete the apps posthaste." That would be the simple, black-and-white answer many desire.

Unfortunately, vociferous opposition to TikTok and other Chinese-developed apps pushes consumers into the realm of geopolitics, as pawns between two major nations battling it out for control of your data.

For most people, TikTok is just a fun video-sharing app. Is giving Facebook and Google an infinite supply of data better than TikTok? Is TikTok really a national security risk?
