As reported by Military.com, the Army recently banned the app TikTok from use on phones. “It is considered a cyber threat,” Lt. Col. Robin Ochoa, a spokeswoman for the Army said in the Military.com article. This comes after Sen. Chuck Schumer of New York and Sen. Tom Cotton of Arkansas, both members of the Armed services intelligent committee, requested an investigation of the app for possible security risks.
TikTok, owned by Bytedance and based in Beijing, China claims China doesn’t have jurisdiction over the app’s data since data from the US doesn’t get sent to servers inside China. We don’t see much involvement in the app from China but Bytedance hasn’t accepted requests for questing by congress. TikTok released a transparency report likely in response to recent criticism on its transparency. But even Facebook and Google release transparency reports but most users oppose the amount of information these companies hold on them.
A recent security review of the app found issues with privacy protection both on the website and the app. Using the hardware and settings on the phone to identify a user, the app creates sounds and pictures internal to the phone to identify the phone and therefore the user. The link shows examples of the sounds and pictures created by the app.
While the app violates multiple Personally Identifiable Information, PII, security standards, based on the current research we don’t see evidence of involvement from China’s government now, but this could change. TikTok uses customer data to advertise and sell its data to advertisers for revenue. As with most application, if you don’t pay for the product then you are the product. If you use TikTok, know they gather your PII.