Social media app TikTok has been all over the news lately due to increased security concerns that the app could be used for spying and its user data shared with the Chinese Government.
The video sharing app has exploded in popularity during the pandemic lockdowns and has over 800 million users around the world. But the number of people who can use it may be getting smaller very soon because of the concerns.
India has already banned use of TikTok and the US has threatened a ban if the app isn’t purchased by a US company. There’s no talk as yet in the UK of a ban, but there are the same worries about security.
When thinking about your company’s cloud solutions and cybersecurity protections, mobile app security should be a high priority. Mobile use has grown significantly over the last decade, and now mobile devices make up majority of the devices on a company’s network.
60% of a company’s network endpoints are mobile devices.
Mobile apps, even those that seem innocent, can cause serious problems with cybersecurity. Some of the potential problems include:
- Users granting too many permissions (like GPS location and contact data)
- Data leakage from apps that gather intrusive information (like keystroke patterns)
- Apps that pretend to be legitimate, but are actually malware or spyware
Because of the issue with TikTok, may UK business owners are wondering if they should be concerned about the app being used on employee devices that also hold company data and app access.
What are the Facts About TikTok Data Safety?
Keeping your data safe on mobile devices is just as important as keeping it safe when it’s on user computers. Should you be concerned about TikTok?
Here are some facts to date to help you make an informed decision.
TikTok is Owned by a Chinese-based Company
The reason for the controversy surrounding TikTok is that its owned by Chinese company, ByteDance. Due to the nature of the Chinese government’s power over businesses in the country, people worry that it could force ByteDance to give up its user data and that the data could be used for espionage purposes.
There is no public proof yet of this having happened and ByteDance states that it stores user data on servers outside China. However, the danger remains, because even though its servers may be outside China, the company itself is still subject to Chinese law.
TikTok Collects a LOT of User Data
Most social media apps collect multiple types of user data and they share that with advertising partners and others. Giving up that data is the cost of the “free” app. This includes things like your email address, preferences, social media accounts, contacts (if you allow it), and GSP data (if you have it turned on).
But companies should be worried about certain types of data that is being collected, which can be considered intrusive and potentially a security risk in general if any hacker were to get their hands on the information.
- Names of Apps that are on your phone
- Files names/types that are on your phone
- Keystroke patterns
Where Does TIkTok Share User Data?
Once that data is collected, there are multiple entities that it is shared with. While some may be common (like business partners, vendors, etc.) each entity that data is shared with leaves the risk of that data being exposed either in transit or in a breach of the recipient’s server or online assets.
Places where your data from TikTok may be shared include:
- Business partners (including firms like Facebook, Google, Twitter)
- Payment providers
- Service providers (including cloud service providers, etc.)
- Analytics providers
- Advertisers (who could be just about anyone)
- Corporate group (members, subsidiaries, affiliates)
- Law enforcement/Legal obligation
- In case of a sale or merger (there’s one currently in talks with Microsoft)
The part of where data can be shared that has people concerned is in the legal obligation area where it states, if needed to “comply with a legal process or request.”
While this isn’t unusual for all types of cloud-based companies to have in their privacy policies, because ByteDance is in China, it takes on a whole other meaning than it would for a UK or US company.
Where is TikTok Data Stored?
TikTok’s users policy for the US mentioned data being stored on servers in Singapore of the US, and not in China.
All in all, as with any data collecting and sharing app, you should be careful about company data sharing space with them. One way to stay more secure is through the use of a mobile device manager to lock down device security.
Need Help with Mobile Device Security?
NMX IT Solutions can help your Thames Valley area business ensure your data is not being put at risk from apps that may be gathering more data than you realise.
Contact us today to schedule your consultation! Call 01628 232300 or reach out online.