The original concept of social media was about sharing, but probably not exactly in a way that some TikTok users likely expected. According to leaked audio from some 80 internal meetings at the Chinese-owned social media company, employees at TikTok’s parent company ByteDance were able to “repeatedly access U.S. users’ data for the last several months.”

It remains unclear how many users of the platform were actually impacted and more importantly if the Chinese government had access to the data, or even if it was used as part of any espionage program. However, lawmakers in the United States, as well as those in the intelligence community, have expressed concerns regarding TikTok’s data collection. A major worry is that it could include tracking of audio and location, which could be utilized by Beijing to gain access to information on U.S. citizens, including those in the uniform.

One notable concern is that TikTok has become increasingly popular among U.S. military service members, who use it to share photos that could be geo-tagged. These concerns were so great that the the last White House administration sought to ban the service entirely.

For its part, TikTok has claimed that U.S. user data is safe, yet the latest evidence suggests otherwise.

Go to the Tapes

Buzzfeed revealed earlier this week that it had been provided access to recordings from some 80 meetings, which involved dozens of TikTok employees, including engineers in China who claimed to have “had access to U.S. data between September 2021 and January 2022, at the very least.”

The recordings reportedly ranged from small-group meetings with company leaders, to policy all-hands presentations. Buzzfeed reported that the recordings have been corroborated via screenshots and other documents.

In one recording an employee of TikTok’s Trust and Safety department could be heard stating, “Everything is seen in China,” while another suggested he had “has access to everything.” Exactly what was meant by “everything” remains unclear, but it is certainly ominous sounding.

“Nobody should be surprised if U.S. user’s data was accessed,” explained technology industry analyst Roger Entner of Recon Analytics.

“What is important now is to find out if this was an individual being curious, an organized effort by the company for commercial reasons, or something more nefarious,” Entner told ClearanceJobs. “There is a lot of metadata available to the company that isn’t available to anyone else and in aggregate the data, especially facial recognition data is very valuable and can be easily abused.”

U.S. Military Ban on TikTok

The concerns over how TikTok stores data are not new. In 2019, the Defense Information Systems Agency (DISA) had recommended that all employees of the DoD refrain from using the popular social media app, while that same year, the Pentagon went so far as to ban service members from using TikTok on all government-issued devices.

Though the ban remains very much in place, military personnel can still download the app on their personal devices, which has set off alarm bells within the DoD. Yet, despite those security concerns, the app has been seen as a potential recruiting tool, especially given its popularity among members of Generation-Z.

That fact was met with concern from some lawmakers, and with some calling upon the U.S. Army to enforce its ban of TikTok for recruitment.

Given this recent news that China may be monitoring data on the platform, it is possible the DoD will do an about-face and could call for a complete ban on TikTok.

They All track Data!

Of course, TikTok is hardly alone in tracking user data, and it wouldn’t be the first time that U.S. citizens have had their personal data exposed via a smartphone. What makes TikTok more worrisome is that it isn’t about how to better direct ads to consumers, but how Beijing could use the information it gathers.

“Tik Tok can go down as one of the most ingenious malware installs of all time,” warned cybersecurity researcher Garret Grajek, CEO of YouAttest.

“With over billion downloads on Android alone and with a 550megabyte plus  footprint – there is no limit of what TikTok could be sending back to their C2 (command & control),” Grajek told ClearanceJobs. “The suspicion is real and the threat is worthy of more investigation.”

 

Related News

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com.