Time has run out for those U.S. Army service members who were using TikTok. On December 30, the U.S. Army announced that it had reversed its policy on the popular Chinese social media app.
“It is considered a cyber threat,” Lt. Colonel Robin Ochoa, U.S. Army spokesperson, said earlier this week. “We do not allow it on government phones.”
In October of last year, Senators Charles Schumer (D-N.Y.) and Tom Cotton (R-Ark.) called for U.S. intelligence officials to investigate TikTok over concerns that the Chinese-owned social media app might pose a risk to national security.
In the letter to Joseph Maguire, acting director of national intelligence at the Office of the Director of National Intelligence (ODNI), the senators wrote, “TikTok is owned by Beijing-based technology company ByteDance, which operates several other content platforms in China. ByteDance regards its platforms as part of an artificial intelligence company powered by algorithms that ‘learn’ each user’s interests and preferences through repeat interaction.”
The letter also addressed TikTok’s terms of service and privacy policies, describing how the app collects data from users, including content and communications as well as IP address, location-related data and other “sensitive personal information.”
Last month the Army began advising its soldiers and other personnel to stop using TikTok on all government-owned handsets and devices. The United States Navy has put out similar guidelines and announced a ban of TikTok on all government devices.
On December 16 a Defense Department Cyber Awareness Message identified “TikTok as having potential security risks associated with its use,” directed all Department of Defense (DoD) employees to be “wary of applications you download, monitor your phones for unusual and unsolicited texts, etc. and delete them immediately and uninstall TikTok to circumvent any exposure of personal information.”
It is important to note that this ban is for government devices, and the U.S. military and DoD has not banned anyone from using TikTok on their personal devices. However, the U.S. Army has recommended to personnel to be cautious of random and unfamiliar text messages. The DoD has also issued social media guidelines over the years to advise all personnel to proceed with extreme caution with all social media platforms.
“The U.S. Army’s decision to ban TikTok is yet another sign of the growing suspicion and mistrust U.S. authorities feel towards the Chinese-developed social media platform,” Ray Walsh, data privacy advocate at ProPrivacy.com, told ClearanceJobs via an email.
“Any time an app like this becomes so popular, so quickly, and is owned by a company in a country from which state-sponsored cyber attacks on the US are the norm, it is important to be very cautious about where it is being used and what devices it is installed on,” said Erich Kron, security awareness advocate at KnowBe4.
“Throughout my active duty service in the U.S. Navy and my almost 10 years as a US Army contractor, the importance of OPSEC, or Operational Security has been emphasized,” Kron told ClearanceJobs. “The information this app collects, if it were to get in the wrong hands, could seriously compromise OPSEC to include troop movements and locations and other potentially sensitive information.”
TikTok is already known to have “unsettling privacy features” that could be difficult to shore up properly, and some believe the application captures user data and sends it back to China, noted Walsh, who added, “For military personnel – who could potentially be placed under surveillance by TikTok on behalf of the Chinese government – the risk of corporate espionage is elevated and the idea that user videos could be harvested, even if they are not posted, is highly concerning.”
The privacy concerns shouldn’t be limited to those in the military. Those in the government, working for government contractors, or just anyone with privacy concerns should be wary of the app.
“Any U.S. citizens that use TikTok needs to be aware of the app’s Chinese roots, and they need to consider carefully where their data is being accumulated, especially considering that TikTok is believed to store and send back user videos made with the app, regardless of whether they are posted or not,” said Walsh. “Apps of this nature are known to produce a database about users and their interests. In the case of TikTok, that data is being sent back to China – where it is being amassed for potentially nefarious purposes.”
More Than a Privacy Issue
This isn’t the first time the U.S. military or federal government have had to ban a popular device or piece of software, and in this case it could be well justified.
“With the popularity of TikTok, the soldiers are using the app to make videos which could potentially and inadvertently reveal locations of bases that are meant to be kept secret,” explained James McQuiggan, security awareness advocate at KnowBe4.
“Rather than take the risk of information being released for anyone to see, including US enemies, the U.S. Army implements the ban to protect the soldiers’ lives and those who they’re trying to protect,” McQuiggan told ClearanceJobs.
The issue isn’t just the app, it’s the access it is giving to the user’s entire device. TikTok can access the camera and microphone of users, as well as images on the device, and depending on how a user signs in, send tracking access to one’s Google, Facebook or Instagram accounts.
“Providing access to this information which is available for the government capabilities of China, is a risk to the U.S. intelligence, military and organizations may not wish to accept,” said McQuiggan.
“This is a ban on government-issued devices, not personal devices and TikTok is an entertainment application that has virtually no business use on a government-issued device,” added Kron. “For this reason, I believe it is absolutely prudent that the U.S. Army has made this call.”
TikTok’s Reach
The video-sharing social media and networking service was launched in September 2016 by ByteDance, a Beijing-based firm that was founded four years earlier. The video is used to create short lip-sync, comedy and talent videos – and in 2017 it was released for Apple’s iOS and Google’s Android outside of China.
The app is available in 40 languages and according to online reports has more than 500 million active users worldwide. It has an engagement rate of 29% and as of July 2018, TikTok users spent an average 52 minutes per day on the app.
Its reach with “Generation-Z” had been noted by the U.S. military, which had used the app as a recruiting tool as recently as this past November. The U.S. Army Recruiting Command had begun to utilize the app in 2018 as part of a greater social marketing effort.
The fact that the U.S. military saw the app as a recruiting tool, even as there were concerns, could be seen as problematic if not somewhat ironic.
“The world is full of paradox and complexity today, and nobody is shielded from this reality,” said Josh Crandall, principal analyst at Netpop Research. “Now that social media applications are part of the international espionage arsenals, everybody can be a target, and that’s frightening. Humans are apt to make mistakes, and consumer applications that mask their true intentions make it that much easier for foreign powers and bad actors to take advantage of our lapses in attention and honest mistakes. The U.S. Army is smart to ban the use of TikTok by its recruits. Who knows how many in the Chinese People’s Liberation Army are scanning signals for useful intelligence? Or, worse yet, using the app to backdoor into deeper functionality in the phone.”
The prevalence of TikTok is a direct capitalization on Generation Z’s widespread use of online video, often in lieu of traditional television programming.
“The U.S. Army continues to use TikTok as a recruitment channel by advertising to potential recruits via the popular app,” Crandall told ClearanceJobs. “It’s a nod to the complex nature of today’s world. Why not make use of the app and make it a learning moment? Imagine an advertisement that highlighted the use of social media apps for espionage and how you can make a difference for your country by enlisting in an intelligence career for the U.S. Army.”
The final consideration is that even with a ban on government devices, TikTok is just the latest example of how some apps could still pose a danger to national security warned Crandall. “Unless the U.S. prevents TikTok from operating entirely in the country, the Armed Forces should do what it can to educate our population to better defend itself, no matter if that means lights out after dark during WWII, or play it safe when using social media apps developed by hostile regimes.”