China has accused the US of exaggerating the concept of national security in order to suppress foreign companies, amid a growing row over TikTok.
The White House has ordered government agencies to wipe the Chinese social media app off all federal devices within 30 days, because of fears over cybersecurity. It follows similar steps taken by Canada and the EU.
Some politicians in the UK and US are calling for an outright ban of the app.
Spare a thought for TikTok executives.
In 2020, they narrowly escaped seeing their smash-hit app banned in the US by then-president Donald Trump, and faced a daily storm of questions about the cybersecurity risks posed by TikTok.
Thanks to numerous complex legal challenges, the debate largely fizzled out – and was eventually put to rest in 2021, when President Joe Biden overturned Trump’s proposal.
You could almost hear a collective sigh of relief, both from TikTok itself and the millions of influencers who rely on the social media app to earn a living.
But now, in an irony which mirrors the video app’s trademark looping format, we’re back to where we started.
Except now the stakes are even higher.
Around the time of Trump’s proposed ban three years ago, TikTok had been downloaded around 800 million times worldwide. Currently it numbers 3.5 billion downloads, according to app analyst company Sensor Tower.
Add to that a rise in geopolitical tensions between China and Western countries, and it’s clear TikTok’s global future is more precarious than ever.
So what are the three cybersecurity concerns about TikTok which keep coming up, and how does the company respond to them?
1. TikTok collects an ‘excessive’ amount of data
A TikTok spokeswoman told the BBC that the app’s data collection is “In line with industry practices”.
Critics frequently accuse TikTok of harvesting huge amounts of data from users. A cybersecurity report published in July 2022 by researchers at Internet 2.0, a Australian cyber company, is often cited as evidence.
Researchers studied at the app’s source code and reported that the app carries out “excessive data harvesting”. Analysts said TikTok collects details such as users’ location, what specific device they are using and which other apps are on the device.
However, a similar test carried out by Citizen Lab concluded that: “in comparison to other popular social media platforms, TikTok collects similar types of data to track user behaviour”.
Similarly, a recent report by the Georgia Institute of Technology in January stated: “The key fact here is that most other social media and mobile apps do the same things.”
2. TikTok could be used by the Chinese government to spy on users
TikTok’s spokeswoman told the BBC that the company is fully independent and “has not provided user data to the Chinese government, nor would we if asked”.
Although it irks privacy experts, most of us accept that handing over swathes of private data is the deal we make with social networks.
In exchange for giving us their services free of charge they gather knowledge about us and use it to sell advertising on their platform, or sell our data to other firms trying to advertise to us elsewhere on the internet.
The issue that critics have with TikTok is that it’s owned by Beijing-based tech giant ByteDance, making it unique as a non-American mainstream app. Facebook, Instagram, Snapchat and YouTube, for example, all collect similar amounts of data but are all US-founded companies.
For years, US lawmakers, along with most of the rest of the world, have assumed a level of trust: that the data collected by these platforms won’t be used for nefarious reasons which might put national security at risk.
Donald Trump’s 2020 executive order alleged TikTok’s data collection could potentially allow China to “track the locations of federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage“.
So far, evidence points to this being only a theoretical risk – but fears are stoked by a vague piece of Chinese law passed in 2017.
Article seven of China’s National Intelligence Law states that all Chinese organisations and citizens should “support, assist and co-operate” with Chinese intelligence efforts.
This sentence is often cited by people suspicious not just TikTok, but all Chinese companies.
However, researchers from the Georgia Institute of Technology argue that this sentence is taken out of context, and note that the law also includes caveats protecting the rights of users and private companies.
Since 2020, TikTok executives have repeatedly tried to reassure people that Chinese staff can’t access the data of non-Chinese users. But in December ByteDance admitted that several of its Beijing-based employees did access the data of at least two US journalists and a “small number” of others, to track their locations and to check whether they were meeting TikTok employees suspected of leaking information to the media.
TikTok’s spokeswoman says the employees who accessed the data were dismissed in December.
TikTok has also accelerated talks with the US government about plans to store all user data in the US instead of China. Additionally, it says since last summer all US data has been routed through US-based servers.
The company also says it is in the process of creating data stores around the world, including in Ireland where UK user data is now processed.
3. TikTok could be used as a ‘brain-washing’ tool
TikTok’s spokeswoman said: “Our Community Guidelines prohibit misinformation that could cause harm to our community or the larger public, which includes engaging in co-ordinated inauthentic behaviour.”
In November 2022, Christopher Wray, director of the Federal Bureau of Investigation (FBI), told US lawmakers: “The Chinese government could… control the recommendation algorithm, which could be used for influence operations.”
Those concerns are further inflammed by the fact that TikTok’s sister app, Douyin – which is only available in China – is heavily censored and reportedly engineered to encourage educational and wholesome material to go viral.
All social networks are heavily censored in China with an army of internet police deleting content which criticises the government or excites political unrest.
At the start of TikTok’s ascendancy, there were high-profile cases of censorship on the app: a user in the US had her account suspended for discussing Beijing’s treatment of Muslims in Xinjiang; after a fierce public backlash, TikTok apologised and reinstated the account.
Since then there have been few cases of censorship, other than the sort of controversial moderation decisions that all platforms have to deal with.
Researchers at Citizen Lab carried out a comparison of TikTok and Douyin. They concluded that TikTok does not employ the same political censorship.
“The platform does not enforce obvious post censorship,” researchers said.
Georgia Institute of Technology analysts also searched for topics such as the independence of Taiwan or jokes about Chinese Premier Xi Jinping, and concluded: “Videos in all of these categories can easily be found on TikTok. Many are popular and widely shared.”
The overall picture, then, is one of theoretical fears – and theoretical risk.
Critics argue TikTok is a “Trojan horse” – although it looks harmless it could prove to be a powerful weapon during times of conflict, for example.
The app is already banned in India, which took action in 2020 against the app and dozens of other Chinese platforms.
But a US ban on TikTok though could have a huge impact on the platform, since typically US allies often fall in step with such decisions.
That was apparent when the US successfully led calls to block Chinese telecom giant Huawei from being deployed in 5G infrastructure – again, based on theoretical risks.
It’s worth noting, of course, that these risks are a one-way street. China doesn’t have to worry about US apps because access for Chinese citizens has been blocked for many years.