India and the US Military Have Banned TikTok – Should You?


Should you ban your employees from using TikTok in the workplace? Data security and privacy concerns have led the US Military, India, and other government entities to ban the use of the app on their devices. In this article I’ll break down the bans that are currently in effect, the types of data that TikTok collects, and the data privacy and security concerns that have led to these bans. 

What is TikTok, anyway?

TikTok is a video-sharing social media app owned by ByteDance, a Chinese internet technology company. Users of the app film short-form videos ranging from dances and lip-syncing to comedy skits and other creative clips. According to a report from Sensor Tower, TikTok has been downloaded nearly 2 billion times since its launch in 2012. ByteDance also operates a China-exclusive version of TikTok known as Douyin.

Where has TikTok been banned?

Bans of the popular social media platform amid privacy and security concerns are on the rise, with India’s recent ban being a high-profile example.

  • India: India has banned over 59 apps with connections to China, including TikTok. These bans are thought to be heavily motivated both by general privacy and security concerns and by recent deaths caused by the ongoing stand-off along the Line of Actual Control (LAC) in Ladakh between the Chinese PLA (People’s Liberation Army) and the Indian Army.
  • US Military: Branches of the US military have banned TikTok from all government-issued devices and strongly encourage their members to refrain from using the app on personal devices.
  • US Government: While no official ban has been implemented, there are currently bills in place that aim to prevent federal employees from downloading and using the app on government-issued devices.
  • US Department of Homeland Security: The DHS has banned TikTok from its devices.
  • The TSA: The Transportation Security Administration has banned employees from representing the company on TikTok when taking part in the agency’s social media engagement efforts.
  • Australian Military: The Australian Defence Force (ADF) followed the USA in banning TikTok from use on government-supplied devices.

The list of parties concerned with TikTok’s data privacy and security continues to grow. In June 2020, the European Data Protection Board (EDPB) announced that it will be assembling a task force to examine TikTok’s user privacy and security practices.

Is TikTok getting banned in the USA?

Despite the TSA and military bans, there are no definitive plans to ban TikTok and other apps with connections to China at a country-wide level. Secretary of State Mike Pompeo was recently asked if the USA will be considering banning Chinese-owned apps such as TikTok, to which he responded, “I don’t want to get out in front of the president, but it’s something we’re looking at.”

Why is TikTok banned?


There are growing concerns that data collected through TikTok, such as facial recognition, location data, and AI-based image scanning, could be used for nefarious purposes should ByteDance be compelled to share that data with the Chinese government. These concerns have led some to wonder if TikTok is less of a social media app and more of a probable remote spying software to surveil foreign citizens.

US senators and data privacy advocates alike are concerned that the quantity of data collected by TikTok could potentially be shared with the Chinese government due to China’s history of data collection, monitoring online activity of their citizens, and internet censorship (the “Great Firewall of China”). 

At the Social 2030 conference, it was revealed that Reddit’s CEO Steve Huffman considers the app to be remote spy software, with him stating “I actively tell people, ‘Don’t install that spyware on your phone’” and that he thinks that the app is “fundamentally parasitic”.

“I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone”

Steve Huffman, Reddit CEO

TikTok released a statement clarifying their user data collection and sharing practices

Where TikTok stores its US user data and its stance on Chinese law:

“We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.”

TikTok’s stance on censorship and providing information to the Chinese government:

“TikTok does not remove content based on sensitivities related to China. We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period. Our US moderation team, which is led out of California, reviews content for adherence to our US policies – just like other US companies in our space. We are not influenced by any foreign government, including the Chinese government; TikTok does not operate in China, nor do we have any intention of doing so in the future.”

What kind of data does TikTok collect?

“TikTok is essentially malware that is targeting children”

Statement by Reddit user bangorlol after reverse-engineering TikTok to see the data it collects from its users

Officially speaking, highlights from TikTok’s Privacy Policy state that the app collects the following:

  • Your IP address
  • Your browsing history in the app (i.e. the content you have viewed on the Platform)
  • Your mobile carrier
  • Your time zone settings
  • An identifier for advertising purposes
  • The version of the app you are using
  • The model of your device
  • Your device system
  • The network type you are using
  • Your device ID
  • Your screen resolution and operating system
  • The messages you send to other users on the app

However, a crowd-sourced team of software engineers and cybersecurity community members has been actively reverse engineering the app to learn more about what it is collecting. Many of the findings have come from a Reddit user by the name of bangorlol. Here are the highlights of his Reddit comment:

“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.”

  • They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication
  • There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.
  • They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level.
  • For what it’s worth I’ve reversed the Instagram, Facebook, Reddit, and Twitter apps. They don’t collect anywhere near the same amount of data that TikTok does, and they sure as hell aren’t outright trying to hide exactly what’s being sent like TikTok is.

Should I let my employees use TikTok in the workplace?


There’s no doubt that TikTok is used in the workplace by employees. Viral videos of employees performing dances and comedy skits while in uniform or sharing insights into their day-to-day work life are quite popular on the app. Whether or not you decide to enforce a ban of the app on company-provided devices will depend on a few factors.

Should you block employees from accessing TikTok in the workplace?

  • Productivity: Employers with productivity concerns should know that while TikTok is available through web browsers, it is most commonly used as a mobile phone app. Employees using personal devices in the workplace could be using TikTok during working hours using their own data plans.
  • Privacy & Security: Research from cybersecurity research firm Penetrum has raised concerns regarding potential vulnerabilities of the app. On company-provided devices, there may also be cause for concern regarding the data that TikTok is able to collect and share with third parties. 
  • Company Reputation: While most TikTok videos of employees in uniform are well received, from a brand reputation perspective there may be concerns that employees may not represent their company in a professional light.

How to block TikTok in the workplace

BrowseControl is website blocking software that is used to restrict internet access.

For employers that would like to follow suit with India and the US military, there are ways of enforcing the ban of TikTok on company-provided devices.

  • Website Blocking Software: Block access to TikTok on laptops and workstations by adding domains related to TikTok to the blacklist of your web filter.
  • Internet Access Monitoring Software: You can find out whether or not TikTok is being used on company-provided devices with an internet usage monitor that reports sites visited by employees.
  • Block Apps: For company-provided cell phones, a mobile device management solution can be installed to enforce a blocking of TikTok and monitor user activity for attempts to bypass application policies.
  • Acceptable Use Policies: An acceptable use of technology policy will set clear expectations regarding the use of TikTok in the workplace. In the policy you can include guidelines for representing the company on social media and whether or not the app is permitted for use during work hours.

These very same practices will apply when you decide to block any other potentially dangerous applications and websites in the workplace.

How to block TikTok on computers

To block access to the browser version of TikTok, add these domains to your web filter:

  • tiktokv.com
  • tiktok.com
  • tiktokcdn.com
  • tiktok.org
  • tiktokcdn-com.akamaized.net
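
To check whether the block is holding, the same domain list can be matched against DNS or proxy logs. The following is an added example, not part of the original article or of any CurrentWare product: it matches hostnames against the list above on whole DNS labels (so subdomains match but look-alike names do not) and reports which clients queried a listed domain. The log format, client addresses, and subdomain names are constructed for illustration.

```python
from collections import defaultdict

# Domains taken from the article's list above.
BLOCKED_DOMAINS = {
    "tiktokv.com", "tiktok.com", "tiktokcdn.com",
    "tiktok.org", "tiktokcdn-com.akamaized.net",
}

def is_blocked(hostname, blocked=BLOCKED_DOMAINS):
    """True if hostname equals a blocked domain or is a subdomain of one.

    Matching is done on whole DNS labels, so "nottiktok.com" and
    "tiktok.com.example.net" do not match "tiktok.com".
    """
    labels = hostname.lower().rstrip(".").split(".")
    # Check every suffix of the name: a.b.c -> a.b.c, b.c, c
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def audit_dns_log(lines):
    """Map client IP -> sorted list of blocked hostnames it queried.

    Assumed (hypothetical) log format: "<timestamp> <client_ip> <qtype> <hostname>"
    """
    hits = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        _, client, _, hostname = parts
        if is_blocked(hostname):
            hits[client].add(hostname.lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2020-07-10T09:00:01Z 10.0.0.21 A www.tiktok.com",
    "2020-07-10T09:00:02Z 10.0.0.21 A v16.tiktokcdn.com.",
    "2020-07-10T09:00:03Z 10.0.0.34 A nottiktok.com",
    "2020-07-10T09:00:04Z 10.0.0.34 A tiktok.com.example.net",
    "2020-07-10T09:00:05Z 10.0.0.57 AAAA API.TikTokV.com",
    "2020-07-10T09:00:06Z 10.0.0.57 A akamaized.net",
    "malformed line",
]

if __name__ == "__main__":
    for client, names in sorted(audit_dns_log(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```

Note that the last list entry is matched as the full name tiktokcdn-com.akamaized.net; the parent akamaized.net is shared CDN infrastructure and is deliberately not treated as blocked.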

Don’t have a web filter?
Try a free trial of BrowseControl and start blocking TikTok today.

How to block TikTok on mobile phones

CurrentWare Gateway is an agentless, multi-platform internet filtering and monitoring solution that is used by businesses to manage their employees’ internet use in the workplace.

Once you’ve set up the CurrentWare Gateway, simply add the above URLs to the web filter to block employees from using TikTok when they are connected to your company’s network.

Conclusion

The sheer amount of data collected by TikTok and the potential for them to be forced to share user data with the Chinese government has caused privacy and security concerns among federal governments. The recent bans from India and the US military may only be the start of such policy changes, with other governments potentially following suit. If you are concerned about the use of TikTok in the workplace, you can block employee internet access to TikTok and provide acceptable use policies that govern expectations on company-provided devices.

Dale Strickland
Dale Strickland is a Marketing Coordinator for CurrentWare, a global provider of endpoint security and employee monitoring software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.