TikTok is facing heightened scrutiny from the U.S. government over privacy and security concerns.
Fox News' Laura Ingraham: "Would you recommend that people download that app on their phones, tonight, tomorrow, any time, currently?"Secretary of State Mike Pompeo: “Only if you want your private information in the hands of the Chinese Communist Party.”
President Donald Trump ran several now-removed Facebook ads throughout July claiming China and TikTok are spying on its users.
Newsy spoke to cybersecurity experts about TikTok’s data collection and privacy practices. They told us that TikTok operates similarly to other tech companies.
“According to TikTok’s privacy policy, they collect common things such as your name, email address and IP address," said Randy Magiera, cybersecurity expert and professor at Tulane University. "These are common things, common data points to collect. You will see that in many applications, you know — Facebook, Google, what have you — collect this. But, they also collect some questionable information. Most importantly, one thing I found is that they collect geolocation-related data, so GPS tracking."
TikTok isn’t alone in this practice, either. Companies like Facebook also collect GPS data on users who opt-in, according to their data policy.
Magiera told Newsy that TikTok’s policies are designed to show TikTok isn’t mishandling personal information of its U.S. users.
"They host their primary data in the U.S. and outside of Chinese law. Chinese law is what allows the Chinese Communist Party access into their data. According to TikTok, they don’t even have access."
He noted some of TikTok’s data practices have left people skeptical about what they actually collect. In 2019, the company paid a $5.7 million Federal Trade Commission settlement for collecting personal information from children without parental consent. There’s also the question of who they provide that data to.
"TikTok states they do not sell the personal information to third parties. If that's true, that’s commendable. But, you know, how they plan to use their data they collect in the long term remains to be seen."
President Trump’s ads also claimed that TikTok was “caught red handed” monitoring iPhone clipboards, the place that stores data that’s cut or copied. That can include passwords or personal messages.
Newsy reached out to Mysk, a company that discovered the clipboard vulnerability. In a statement, co-founder Tommy Mysk told us their research “only confirmed the act of reading the content of the clipboard,” and said the “behavior is indeed suspicious but does not qualify as spying, per se.”
Mysk said “TikTok was not alone” in this practice, and that they found “dozens of apps read the clipboard frequently and for no clear reason,” as of late June, including several U.S.-based news apps, mobile games and shopping outlets.
Magiera added that some of the data that TikTok collects compared to other brokers is “pretty limited,” and could also be obtained from other sources.
"If TikTok is collecting six, seven, eight data points, those are good data points. But at the end of the day, if they really want data, they can create a company and buy data from these data brokers that will be way more comprehensive than anything that they could collect from TikTok."
Magiera also told Newsy that this TikTok moment should also serve as a reminder that before you download any app, scrutinize what data they want.
"If you download an application that tells you the weather, for example, and it says it needs access to your location, that makes complete sense. But if it says it needs access to your camera or your phone contact list, why does it need access to that? It probably doesn't."