PROCIRCULAR BLOG

Educating your business on the importance of cybersecurity

Using TikTok is Bad Cybersecurity

Posted by Aaron R. Warner on Dec 16, 2022 1:55:22 PM

Any time we log in to socials, we should be cognizant of the information we're willing to reveal and how for-profit actors could use that personal data. Sharing our time, tastes, and feedback with online communities is what draws us to the apps, but it’s easy to “overspend” your seemingly limitless personal data in exchange for entertainment. The TikTok application is unlike its contemporaries because its information-gathering technology is steps ahead and much more powerful. That information is primarily used to tailor the user’s feed and promote engagement with targeted advertisements.  

Who is Behind TikTok? 

The tool, and the data it harvests from millions of global users, are owned by a combination of American venture capital powerhouses and the People’s Republic of China (PRC). ByteDance (the parent organization of TikTok) is financially backed by Kohlberg Kravis Roberts, SoftBank Group, Sequoia Capital, General Atlantic, and Hillhouse Capital Group.  

In April 2021, a state-owned enterprise owned by the Cyberspace Administration of China and China Media Group, the China Internet Investment Fund, purchased a 1% stake in ByteDance's main Chinese entity and placed a government official, Wu Shugang, on its board of directors.  

The growing concern related to TikTok is that historically, the PRC has been categorized as one of the nation-states that poses a potential threat to information security related to international politics. In this information age, data is power, and highly targeted social influence campaigns are extremely effective tools for the people behind them. If a proposed bipartisan bill passes in the United States, it will enforce restrictions that would also apply to any social media platform controlled by other US foreign adversaries, including Russia, Iran, North Korea, Cuba, and Venezuela.

Who is Impacted?

On a more local scale, it’s clear that TikTok strongly influences and promotes engagement with young people. Kids aged 13 or younger are supposed to be protected by The Children's Online Privacy Protection Rule of 1998. This requirement states that "developers of child-focused apps cannot lawfully obtain the PII of children under 13 years of age without first obtaining verifiable consent from parents." It's virtually inevitable that ByteDance (the authors/owners of TikTok) regularly violates this statute. 

What are the Risks?

The legality and future of the app are yet to be determined. In the meantime, these are the risks you should understand as you consider your personal use of the app and for-profit, machine-learning-powered data-gathering apps: 

Browser Access

TikTok can use the in-app browser to inject JavaScript. This weakness means that the administrator of the tool, presumably in China, could force a user's phone to hack other systems on the same network or attempt to gather information using users' credentials from third-party websites (banks, healthcare, work email, etc.).
    • The Facebook, Amazon, Robinhood, or Snapchat apps do not use this feature 

Keylogging

TikTok includes a capable keylogger that enables the app to collect every keystroke on the phone. Text messages, private emails, and anything you type can be collected through the tool.

Microphone & Camera

TikTok has the ability, with the user's consent, to access the microphone and camera on the user's device. 

Location Mapping 

TikTok tracks the user’s location and reports it back to the administrators. 

What do the Experts Say? 

In the service of uptime and privacy, ProCircular recommends that organizations forcibly block the installation and usage of TikTok in their environments. We would encourage private citizens to do the same.  

Cybersecurity Services in Iowa and Minnesota 

If you’re looking for accomplished experts to support your security posture, trust ProCircular. Proudly serving Iowa, Minnesota, and the entire Midwest, ProCircular is among the top cybersecurity companies in the nation. Our team can provide you with technical control and support, procedural development, and timely responses to whatever comes your way. 

Contact our experts at ProCircular: give us a call at 844-95-SECUR (73287) or email us at sales@procircular.com with any questions you have.

Topics: Cybersecurity, Data Security, risk, Social Media

    ProCircular is a Full-Service Information Security Firm

    We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of information. We can assist you no matter where you are in your security maturity journey:

    • Breached or hit with ransomware?
    • Don't know where to start? 
    • Looking to confirm your security with a third party?

    Secure your future with ProCircular.
