Would you believe me if I tell you that the top-rated entertainment mobile App of the Year (TikTok) is a threat to everyone’s cybersecurity?
That’s what the US government and a few dozen organizations have tried to tell us since 2017 when parent company ByteDance acquired the app’s rights for $1 Billion (Musical.ly start-up).
ByteDance is a Chinese company, therefore, it has obligatory law command to share information with their political leaders.
Here’s where things get scary…
Threat #1 – Propaganda Everywhere on TikTok
US lawmakers fear the time when this app could become a major tool for Chinese propaganda. And it seems they’re preparing the ban-hammer for the App in the US.
Secretary of State, Mike Pompeo, stated this Monday (July 06) on Fox News:
“We are taking this very seriously. We are certainly looking at it. With respect to Chinese apps on peoples’ cellphones, the United States will get this one right too.”
All of this hatred attention started on November 25, when Feroza Aziz started to expose Chinese concentration camps for Uighurs, “innocent Muslims” allegedly kidnapped, raped and/or murdered.
The Chinese government denied such claims, by saying these camps only for Vocational Training into the Communist Party.
All videos were removed by TikTok, and the account of the 17-year old student was officially banned, until later retreat from the company.
The Guardian proves how Tibetan Independence messages being censored by the platform.
The Tiananmen Square Accident and the ban of religious group Falun Gong seems to be additional records of similar happenings
Other organizations as the Islamic State have been seen promoting propaganda (spread of political campaigns)
Threat #2 – Child Trafficking & Uncontrolled Explicit Content
TikTok is described as “China’s Facebook” by Business Insider.
With over 1 billion active users, it makes it the most-downloaded Chinese App in the US.
And like any other social media platform, privacy plays a big role. Luckily, users (especially parents) are becoming more concerned about it and warns children about the app’s use.
Quite necessary, when the sign-up process is easy and short, and the age restriction only limits under 13.
This has caught the attention of opposing sexual exploitation groups as the NCOSE.
Where they added TikTok inside the “dirty dozen” list of 2020 for lack of in-app reporting systems and sexually explicit content.
The app’s community guidelines and reporting options include pornography and nudity but has failed to act fast when needed.
Threat #3 – Accounts Hacked due to Cybersecurity Flaws
The cybersecurity firm Checkpoint was the one behind the discovery of vulnerabilities.
They found it was possible to fake the text-message feature inside the app to send malicious links.
Hackers would take absolute control over account’s to manipulate the content, uploading and deleting videos they wanted to.
Private information as the email address was also accessible through this method.
Fortunately, it was later patched (December,15)
The security found an alternative glitch where hackers could steal personal information saved to the account, including private email addresses and payment information.
All of these events needed a prepared statement, and Luke Deshotels (TikTok security engineer) was the one assured the company is “committed to protecting user data”.
But he’s not the one jumping to the rescue…
The Annonymous group was present in the #BlackLivesMatter protests due to the killing of George Floyd… They now decided to jump into the TikTok media scene with an aggressive statement as “Delete TikTok now.”
If we remember their act pattern, then it wouldn’t be a surprise if they proceed to name, shame and attack their app/website presence through DDoS (Distributed Denial of Service).
If the declarations from cybersecurity firms, USA and the latest Indian government ban of Chinese apps (TikTok being one) doesn’t alarm you… Then, I’m not sure what will.
Is there any solution?
We could avoid Chinese-built apps and phones, but it’s harder to create mass awareness on popular apps and companies that rule them.
Mass surveillance cannot be avoided if governments are responsible for it.
Educational programs about data collection and the amount of it we share online it’s a nice start.
Even, protecting our devices with free or paid tools would help.
But in the end, there is only a definitive solution for privacy and data collection: management and protection of your business assets, through IT optimization.
Doesn’t matter if we talk about PC, Laptop, Virtual servers, Networks, or smartphones… They all can be harmed by cybercriminals and big entities when they truly want it too.