Is TikTok Spying on You? New Research Claims it’s Possible
September 09, 2022 | 5 minutes read
While the notion of smartphones and mobile applications that contain features that allow major technology companies to spy on their respective users has been prevalent for many years now, there has been little tangible proof of such claims. To illustrate this point further, a national phone survey that was conducted by Consumer Reports, an American nonprofit consumer organization that focuses on consumer research and independent product testing, asked 1000 adults around the country whether they believed their cell phone had the ability to record their conversations without their consent. Likewise, the results of this survey found that 43% of respondents felt as though such an invasion of privacy was indeed possible.
Nevertheless, Felix Krause, a security researcher who has “published various privacy-related essays on the iOS permission system,” has claimed that the popular short-form video sharing and social media platform TikTok contains code that could allow the company to effectively monitor the activities of consumers that are using the application, even when these consumers are redirected to third-party websites and applications when using TikTok. To this end, Krause has also posited that TikTok can monitor any keystrokes that a user makes when navigating the application, which would invariably give the app the ability to access the personal information of their users, including credit card information and login credentials, among other things.
TikTok and privacy concerns
Felix Krause is far from the first person to have suggested that TikTok can spy on its users, as several allegations made in the past year alone also express similar sentiments. For example, news reports that broke this past Tuesday stated that a hacker known as “AgainstTheWest” claimed to have breached TikTok’s security systems and made off with the personal information of more than 1 billion users. However, in contrast to many other reported data breaches, there is a great level of uncertainty as to whether TikTok was involved in a data breach this past week. Subsequently, arguments have been made on both sides as it concerns the legitimacy of the data breach that TikTok reportedly sustained.
On the one hand, BeeHive Cybersecurity, a cybersecurity research firm, sent a direct message to the American online media company Insider which claimed that “they believe AgainstTheWest’s hacking claims are “trustworthy” and that the hacker has garnered respect in the cybersecurity community.” Conversely, a moderator that serves on the breach detection platform BreachForums, a prominent data breach discussion and leaks forum that served as the vehicle for the recent data breach claims that have been levied against TikTok, countered the trustworthiness of these accusations by stating that “AgainstTheWest” has a “long history of lying about breaches and other things.”
Recurring accusations
In addition to the recent data breach that TikTok alleged experienced this week, there have been other findings made in the past year that claim that personal data pertaining to users within the U.S. was being consistently accessed by the company’s numerous China-based employees and executives. To this point, TikTok has countered public criticism and critiques about their data protection practices by asserting that any personal information that is collected from American citizens would never be stored outside of the country and that employees that were based in China had no means to access this information. However, leaked audio recordings from several internal TikTok meetings cast doubt on this fact, as these messages conflicted with the premise that TikTok was solely storing the personal information of American users within the U.S.
More specifically, in an article that was published by CNBC in June of last year by Salvador Rodriguez, a journalist who is currently employed by the Wall Street Journal, obtained information and insights from a TikTok recruiter who “told CNBC they’re concerned about the popular social media app’s Chinese parent company, which they say has access to American user data and is actively involved in the Los Angeles company’s decision-making and product development. These people asked to remain anonymous for fear of retribution from the company.” This is in spite of the fact that a TikTok executive’s sworn testimony claimed that all decisions concerning the data of American users of the social media platform were being made by a “world-renowned, US-based security team.”
Proposed TikTok bans
Due in large part to the inconsistencies that have been observed regarding TikTok’s personal privacy and data security practices, many politicians across the U.S., on both sides of the political spectrum, have called for the social media company to be banned from America altogether. For example, former president Donald Trump publicly stated in 2020 that he felt the company should be prohibited from interacting with U.S. citizens, as he felt the mobile application represented a significant security risk. Alternatively, FCC Commissioner Brendan Carr also called on U.S. regulators to ban TikTok, in conjunction with the same security risk concerns that have also been expressed by Trump and others around the country.
While Felix Krause maintains that TikTok’s code does have the functionality to monitor the activities of the application’s billions of users, he also points out that this fact does not necessarily mean that the social media company is actually doing so. Nonetheless, TikTok has joined the ranks of other large-scale multinational technology companies that have been accused of violating the data protection and personal privacy rights of the world’s consumers in the past decade, as public perception regarding the company has inevitably been damaged in the last year. For this reason, many American consumers may be correct in their concerns about some of their cellphone applications spying on them.