September 2, 2020 Zachary Kitchen

Should We Worry About TikTok Being on Company Devices?

One of the social media apps that’s been in the spotlight thanks to the COVID-19 pandemic is TikTok. The app’s popularity grew dramatically as people stuck at home looked for new ways to connect and entertain themselves.

The app allows users to make short videos, add music and effects right in the app, and share their videos with the world.

Businesses also started exploring the video music app during the crisis, with some finding a whole new 21stcentury way to market their businesses and generate customers during a difficult time.

The problem is that TikTok is owned by a Chinese company and has raised some serious privacy concerns about what may actually happen with user data in the app. 

This had led to questions like: Is data being shared with the Chinese government? Can TikTok track user devices via GPS? What happens if an employee has work data on the same phone that they’ve installed the TikTok app?

The growth of the app has caused more scrutiny by everyone from the U.S. Armed Forces (who’ve banned the app) to individual companies wondering about their IT security if employees use the app on company devices.

TikTok has been downloaded about 165 million times in the US alone. We’ve taken a look at the latest controversy surrounding the app to help your Houston area business make an informed decision about its use on your devices.

What Do We Know About TikTok Security? 

There are two main concerns when it comes to TikTok, one is the fact that ByteDance, the company that created TikTok, is based in China, which means that the Chinese government could potentially require it to turn over user data.

The other concern has to do with security flaws that have been uncovered in the app. They’ve since been patched, but it brings overall security into question.

Here are some of the things we know about TikTok that you can use to decide on its use in your company or on your own personal smartphone.

Data Collection: IP Address, GPS Location and More

TikTok does collect quite a bit of user data, which is not uncommon with social media apps, but being common makes it no less invasive.

Depending upon the security settings you use, TikTok can collect the following types of data (you can see a full list on their Privacy Policy):

  • IP address
  • Location data, including GPS positioning
  • Your device information, including keystroke patterns, apps, and file names
  • Messages through the app
  • Cookies (tracking of webpages you visit, etc.)
  • Email
  • Phone number

The data collection itself should be a big red flag for businesses, especially the part about the information collected from mobile devices that install the app – file names and other apps you have. This alone might make companies think about banning the app.

Past App Security Issues

In January of 2020, security flaws were found in the app that could allow a hacker to gain control of a user’s TikTok account, obtain user information and upload videos on the user’s account.

To the company’s credit, it did address the security flaw once identified with a patch. Having a security vulnerability that can be exploited isn’t uncommon with many applications, which is why safeguards like patch management and multi-factor authentication are so important. 

TikTok’s Ties to the Chinese Government

The biggest fear is that the TikTok app, which may have initially been released for fun entertainment, could be used by the Chinese government for espionage purposes. 

The fact is that ByteDance, TikTok’s owner says that all their user data is stored outside of China on servers based in Singapore and the United states and that they aren’t under Chinese law.

However, ByteDance itself is a Chinese company and governed by Chinese law, so many feel that the servers being outside China won’t protect the data should it be requested by the government from ByteDance.

Currently, the White House has threatened to ban TikTok in the U.S. due to the potential threat of the app being used for espionage. Microsoft stepped in and is currently in talks to purchase the app from ByteDance, potentially eliminating the ties to China.

However, while TikTok remains under ByteDance control, the danger persists that app data may be shared with the government, and actually, the TikTok privacy policy doesn’t do anything to alleviate those concerns. It states:

“We may share your information with law enforcement agencies, public authorities or with other third parties only where we are legally required to do so or if such use is reasonably necessary.”

Even without the ties to China, the ByteDance app is one to be concerned about when it comes to company devices due to the types of data it collects, which could potentially be compromised by advertisers, third parties, or hackers.

How Are You Managing Your Mobile Device Security?

Do you have a good handle on mobile device use at your business? Digital Crisis can help you put a solid mobile device management strategy in place to ensure your business data isn’t left at risk. 

Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.

Let's make IT better.

Providing superior, high-quality, and professional I.T. services in the Houston Area.

Digital Crisis LLC

P.O. BOX 6527
Houston, Texas 77265

✉ contact@digitalcrisis.com

☎ (713) 965-7200

Business Hours
Mon-Fri 9 am-5 pm CST
Saturday & Sunday: Closed
Emergency Support: 24/7

contact-section