THE CHINA CCP + TIKTOK (banned for USA military personnel): Beneath Its Fun Exterior Lies A Sinister Purpose (“fundamentally parasitic app that is always listening”)
Three years since TikTok was launched, the video-sharing social network grown rapidly to accumulate more than two billion downloads, one of the most popular apps of the moment, beating even Instagram or YouTube in consumption time in the United States, United Kingdom or Spain, particularly among younger age segments.
TikTok might be described as a repository of canned content to be conveniently remixed with user-created videos, a viral meme generating machine that makes users feel like rock stars, and has even been used as a way to coordinate protests against Donald Trump by sinking his COVID-19 comeback rally last week in Tulsa, as well as launching denial of inventory attacks on the US president’s merchandising site.
And of course if you dare to criticize TikTok, you’ll simply be told that you’re too old to understand it, that young people have different criteria to yours. Which is all well and good, but what is TikTok? How reliable are the criteria of young people?
Since then, the US armed forces have forbidden personnel from using it and describes it as a threat to cybersecurity. Israeli cybersecurity company Check Point has investigated it and concludes it has backdoors and major vulnerabilities, as well as overall security issues. The US government is also investigating it. Meanwhile, Reddit CEO and co-founder Steve Huffman describes it as a “fundamentally parasitic app that is always listening” and warns against installing what he calls “spyware”. Several child advocacy groups say it poses a clear risk to children. Apple claims it has caught TikTok using clipboard capture mechanisms to spy on millions of users.
Other investigations reveal that its content censorship standards are decided by the Chinese government and are clearly discriminatory. A cybersecurity expert who has reverse engineered the app warns people to stay away from it. In short, it’s not hard to find evidence of the problematic nature of TikTok. And yet it thrives, a time bomb in the making.
Why are so many people and institutions attacking a seemingly innocent app? Are we critics just a bunch of out of touch old fogeys?
I don’t believe so: TikTok is a very irresponsible company, dangerous by design. And not simply by carelessness, mistake or default: this is a deep and patent irresponsibility, a philosophy focused on the constant capture of all kinds of user data… the type of app you would expect from a Chinese company operating in China that makes a few cosmetic changes to adapt it to the West — if that — applying the same criteria and philosophy it does in China. In short, not recommendable for children or adults, particularly thanks to its sinister content recommendation system. And now under the benevolent guise of a Western CEO formerly at Disney.
All tools can be adapted to almost any use. Many young and not-so-young people who use TikTok today consider it fun, a fad, a way of expressing themselves, or even a vehicle for activism. But it’s not that, or at least it’s not really that. It’s dangerous, by design. It’s the application of Chinese philosophy on the internet — we want to see everything, know everything, analyze everything without limits — to a West where, apparently, we’re trying to put some kind of limits on it. It’s taken many years to recognize Facebook for what it is and to try to bring it into line through boycotts: we should act now to limit TikTok and its malevolent activities.
Have no illusions: beneath its seemingly innocent exterior, TikTok is a public danger. I have been teaching innovation for thirty years and open to all new ideas. I have nothing against China, a country I study closely, I have no interests in any of TikTok’s competitors: I speak on the basis of my analysis, my experience and what many other analysts have written. I’ve been saying it for a while, and everything I’m seeing and reading confirms my analysis. TikTok can’t be fixed: it’s problems lie in its very conception and the culture behind it. My advice is to avoid it like the plague. Don’t say you weren’t warned.
BACKGROUND: Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users
As I reported on June 23, Apple has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users’ devices. Once the new OS is released, users will be warned whenever an app reads the last thing copied to the clipboard. As I warned earlier this year, this is more than a theoretical risk for users, with countless apps already caught abusing their privacy in this way.
Worryingly, one of the apps caught snooping by security researchers Talal Haj Bakry and Tommy Mysk was China’s TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.
Well, maybe not. With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn’t stop this invasive practice back in April as promised after all.
Worse, the excuse has now changed.
According to TikTok, the issue is now “triggered by a feature designed to identify repetitive, spammy behavior,” and has told me that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” In other words: We’ve been caught doing something we shouldn’t, we’ve rushed out a fix.
TikTok also told me that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one. TikTok added that it “looks forward to welcoming outside experts to our Transparency Center later this year.”
When I covered the original TikTok clipboard issue, the company was adamant it was not their problem and related to an outdated library in their app. “The clipboard access issues,” a spokesperson told me, “showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this (presumably they do but we cannot speak to that). We are in the processes of updating so that the third-party SDK will no longer have access.”
TikTok assured me it was being fixed and questioned coverage that suggested this was an issue. “It’s a Google Ads SDK issue,” they assured again in a later email, “so we need to make the change in which version of that SDK we use. TikTok does not get access to the data, but we are updating regardless to resolve it.”
Now Apple’s welcome iOS 14 security and privacy changes have caught them red-handed still doing something they shouldn’t. Something they said was fixed. TikTok isn’t alone—other apps will now need to change deliberate or inadvertent clipboard access. But TikTok is the highest profile and most totemic of the apps caught out, given its prior coverage and wider issues.
The most acute issue with this vulnerability is Apple’s universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information. Anything.
Earlier in the year, when TikTok was first exposed, the security researchers acknowledged that there was no way to tell what the app might be doing with user data, and its abuse was lost in the mix of many others. Now it’s feeling different. iOS users can relax, knowing that Apple’s latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.
“Apple dismissed the risks that we highlighted and explained that iOS already had mechanisms to counter all of the risks,” the researchers told me earlier this week. “But the mechanisms that Apple provided were not effective to protect user privacy.” Following their initial report, they explained, “there was a tremendous public interaction with the topic—not only iOS users, but also Android users demand more restriction and transparency about the apps that use the system-wide clipboard.”
Apple originally dismissed the clipboard vulnerability as an issue, and only provided a fix after significant media coverage of the security research. This latest news shows just how important a fix that will be.
All iPhone users should update to the latest version of TikTok as soon as it’s released—and given it is actively reading your clipboard, you might want to bear that in mind while using the app ahead of that update.
Communist Party of China (CCP)
Comments are closed.