A pair of computer security experts from Edith Cowan University (ECU) in Perth, Australia, are raising concerns regarding the safety of data collected from TikTok users, speculating on the possibility that it is being harvested for the Chinese Communist Party.
Paul Haskell-Dowland, associate dean of computing and security, and James Jin Kang, a lecturer in computing and security, co-authored an article in The South China Morning Post, in which they noted that a pair of Australian MPs have already begun the push to ban the popular social media app in the country.
Liberal Senator Jim Molan and a federal MP have voiced their opposition to the app, with Molan saying it was being “used and abused” by the Chinese government, and a third Senator — the Labor Party’s Jenny McAllister — expressed concern and said representatives of TikTok parent company ByteDance should face the Select Committee on Foreign Interference Through Social Media.
With a growing user base of 1.6 million in Australia, Haskell-Dowland and Jin Kang highlight concerns over exactly what kind of data the app collects, in addition to the several permissions users grant during the registration process which includes the use of the camera, microphone and contact list.
The pair point to a class-action lawsuit filed against the company in California that alleges it also collected users’ phone numbers, emails, location data, IP addresses and social network contacts, and biometric data, and continued to collect the data even after the user closed the app.
With regards to where the data is stored, TikTok Australia General Manager Lee Hunter has stated that though the company is headquartered in Beijing, data is kept on servers in Singapore, and ByteDance has also officially said that the company servers are in the U.S. and Singapore, asserting, “Our data centers are located entirely outside of China, and none of our data is subject to Chinese law.”
The authors go on to say that the possibility also exists that if Chinese authorities wanted to, they could potentially use facial recognition software and machine learning to extract biometric data and map rooms and locations from a user’s video, which could then be used to construct deepfakes.
Finally, the issue of actually banning TikTok is addressed, with Haskell-Dowland and Jin Kang writing that though the Australian government could ban the app by having it removed from app stores in the country — as has already been done by the government of India, for example — and even if ISPs agree to block access to the app’s servers and websites, users would still be able to download TikTok using VPNs or proxies, and any data already collected would remain stored in its servers.
Source: The South China Morning Post
July 8, 2020 – by Tony Bitzionis