TikTok: Is it Safe to Use or Not?

Monday, August 24, 2020

TikTok: Is it Safe to Use or Not?

Social media app TikTok has been all over the news lately due to increased security concerns that the app could be used for spying and its user data shared with the Chinese Government.

The video sharing app has exploded in popularity during the pandemic lockdowns and has over 800 million users around the world. But the number of people who can use it may be getting smaller very soon because of the concerns.

India has already banned use of TikTok and the US has threatened a ban if the app isn’t purchased by a US company. There’s no talk as yet in the UK of a ban, but there are the same worries about security.

When thinking about your company’s cloud solutions and cybersecurity protections, mobile app security should be a high priority. Mobile use has grown significantly over the last decade, and now mobile devices make up majority of the devices on a company’s network.

60% of a company’s network endpoints are mobile devices.

Mobile apps, even those that seem innocent, can cause serious problems with cybersecurity. Some of the potential problems include:

  • Users granting too many permissions (like GPS location and contact data)
  • Data leakage from apps that gather intrusive information (like keystroke patterns)
  • Apps that pretend to be legitimate, but are actually malware or spyware

Because of the issue with TikTok, may UK business owners are wondering if they should be concerned about the app being used on employee devices that also hold company data and app access.

What are the Facts About TikTok Data Safety?

Keeping your data safe on mobile devices is just as important as keeping it safe when it’s on user computers. Should you be concerned about TikTok?

Here are some facts to date to help you make an informed decision.

TikTok is Owned by a Chinese-based Company

The reason for the controversy surrounding TikTok is that its owned by Chinese company, ByteDance. Due to the nature of the Chinese government’s power over businesses in the country, people worry that it could force ByteDance to give up its user data and that the data could be used for espionage purposes.

There is no public proof yet of this having happened and ByteDance states that it stores user data on servers outside China. However, the danger remains, because even though its servers may be outside China, the company itself is still subject to Chinese law.

TikTok Collects a LOT of User Data

Most social media apps collect multiple types of user data and they share that with advertising partners and others. Giving up that data is the cost of the “free” app. This includes things like your email address, preferences, social media accounts, contacts (if you allow it), and GSP data (if you have it turned on).

But companies should be worried about certain types of data that is being collected, which can be considered intrusive and potentially a security risk in general if any hacker were to get their hands on the information.

Some of information that’s noted in the app’s privacy policy that it collects which is worrisome includes:

  • Names of Apps that are on your phone
  • Files names/types that are on your phone
  • Keystroke patterns

Where Does TIkTok Share User Data?

Once that data is collected, there are multiple entities that it is shared with. While some may be common (like business partners, vendors, etc.) each entity that data is shared with leaves the risk of that data being exposed either in transit or in a breach of the recipient’s server or online assets.

Places where your data from TikTok may be shared include:

  • Business partners (including firms like Facebook, Google, Twitter)
  • Payment providers
  • Service providers (including cloud service providers, etc.)
  • Analytics providers
  • Advertisers (who could be just about anyone)
  • Corporate group (members, subsidiaries, affiliates)
  • Law enforcement/Legal obligation
  • In case of a sale or merger (there’s one currently in talks with Microsoft)

The part of where data can be shared that has people concerned is in the legal obligation area where it states, if needed to “comply with a legal process or request.”

While this isn’t unusual for all types of cloud-based companies to have in their privacy policies, because ByteDance is in China, it takes on a whole other meaning than it would for a UK or US company.

Where is TikTok Data Stored?

TikTok’s users policy for the US mentioned data being stored on servers in Singapore of the US, and not in China.

However, the privacy policy for the UK and European Economic Area is a little more vague. It states that the personal data collected will be stored at “a destination outside the European Economic Area (“EEA”). But doesn’t specifically state where that may be.

All in all, as with any data collecting and sharing app, you should be careful about company data sharing space with them. One way to stay more secure is through the use of a mobile device manager to lock down device security.

Need Help with Mobile Device Security?

NMX IT Solutions can help your Thames Valley area business ensure your data is not being put at risk from apps that may be gathering more data than you realise.

Contact us today to schedule your consultation! Call 01628 232300 or reach out online.

FOLLOW US

YOU MAY ALSO LIKE…

READY TO TRANSFORM YOUR BUSINESS?
WE CAN HELP YOU

Have questions or want to learn more about the services and solutions NMX IT Solutions has to offer?

TECHNOLOGY PARTNERS

We maintain close working relationships with the world’s leading technology companies, to ensure we remain at the forefront of today’s modern workplace, and to deliver on our promise of providing superior Managed IT Services and Solutions.

Microsoft Partner
VMWare Partner
Datto Partner
Sophos Partner
Dell Partner
Inclarity Partner

FREE REMOTE WORKING HEALTH CHECK

Is Your Business Data Secure Whilst Working From Home?

After rapidly enabling employees to work from home, many businesses are now taking time to assess the security of their remote work environments.  

Our Remote Working Health Check is a great way to verify that your business data, devices and users are 100% secure whilst working remotely. There is no fee or obligation, and it only takes 30-60 minutes of your time. 

We work remotely, no need to be onsite. Register today!

Thank You! We Will Be In Touch Soon To Schedule Your Health Check