Should you be worried about TikTok?
As talks about the app’s security risks continue, this Computer Sciences professor has advice on how to protect your privacy.
Opening the TikTok app is like drinking from a fire hose of engaging and tailored content. But like most other social-media apps, it also collects and stores your information in ways you might be unaware of.
The main concern about TikTok’s security stems from its status as a Chinese-owned company. In fact, the Biden administration recently demanded that TikTok’s corporate owner ByteDance sell to an American company or face a ban in the U.S.
Steve Beaty, Ph.D., professor of Computer Sciences at Metropolitan State University of Denver, explains what type of data TikTok collects, why it collects that data and why it can be a cybersecurity threat.
Can you briefly explain what type of data apps such as TikTok collect and how they collect it?
TikTok generally collects data about a person, whoever is posting and, indeed, even watching. A significant concern is, and it’s a concern with all the different social-media platforms, that they can use those data for purposes we’re uncomfortable with.
You “sign” an end-user license agreement, or EULA, in social-media apps. In the EULA, we consent to give away an incredible amount of personal data on an ongoing basis — things like location.
Regarding how they collect the data, your phone is connecting to a server. That server then has the IP address, which is the Internet Protocol address. From that, geolocation is very simple. Geolocation identifies and tracks the whereabouts of connected electronic devices. This geolocation can pinpoint where you are within, sometimes, 10 meters. With these kind of data, a company can easily track where a person has been and their daily routine.
RELATED: The spies you invite into your home
What do apps such as TikTok use this type of data for?
Social-media apps generally aren’t using the data they collect for anything particularly horrible. They use data to tailor your experience and primarily for marketing purposes. The data helps them pinpoint videos you might like or things in your area that you might be interested in.
Apps collecting data can become problematic when they sell data to third parties or when outside entities take it from those primary servers. Because you agreed to the EULA in the primary app, you have little say over who now owns and uses your data and for what purpose.
The City of Denver and some states have recently banned TikTok from government devices. How does individual data collection become a city, state or national cybersecurity issue?
Here’s an example: Let’s say I’m a person who has sensitive information. Because of geolocation collected on a social-media app, outside threats can know where I go for coffee every morning. People who want the sensitive information I have can now go to that coffee shop and listen to see if I happen to say something that would lead them to that information. Using data like where someone goes to coffee daily to obtain sensitive information is called a “watering hole” attack. Now, my personal social-media app use has opened the potential for a city-, state- or national-security threat.
Threats tend to target people who have security clearances or access to a wealth of information, so it can make sense for people who work for a government agency not to be able to have certain apps on their phones.
Is TikTok less secure than other social-media apps?
Essentially, no. It’s not any more invasive than any other social-media app. Facebook, Instagram and TikTok all require you to give up much of your personal information by signing that EULA.
The difference is that Facebook and Instagram are based in the United States, and TikTok is owned by ByteDance, which is based in China. And the United States is in competition with China.
5 TikTok privacy settings for safer scrolling
What do you recommend people do to protect themselves on apps such as TikTok?
Be informed. I recommend that everyone look at the EULAs for all of their apps and be sure you know what data you’re sharing. EULAs can change over time, and your continued use of the app is your implicit agreement to the terms of the EULA.
Change your settings. Each app has settings you can change so you’re comfortable with what you share. In general, it can be a good idea to turn off your location or other tracking data.
We must do our due diligence to ensure that we share only what we want to share.