By Trevor Morgan

Designed for short video clips of content, TikTok is a new form of social media consumption that has taken the world by storm. This quickly growing China-based app has been at the forefront of smartphone entertainment as of late, specifically during quarantine. Scrolling through TikTok’s For You page may provide users with a much-needed chuckle. Have you seen the one of the undercover bunny sending Valentine’s Day hugs?

However, after reviewing the content some users post, thoroughly examining its privacy policy, and understanding its international implications, some laughing may fall by the wayside. From an open source intelligence perspective, this novelty app provides researchers and investigators with a plethora of knowledge and useful information. On the user end, it might not be all fun and games.

In this new blog series, Hg’s investigative analyst Trevor Morgan walks readers through TikTok basics and then discusses concerns related to surface-level data, privacy breaches, and global security.

Global Security Concerns

TikTok is on a global stage with an ever-shining spotlight directed on its affiliation to China. Is it a problem that TikTok is based in China? Does it pose a global security concern? In 2017, the Republic of China passed a law that requires Chinese companies to comply with government intelligence agencies, if asked or subpoenaed. These companies have limited options to refuse data requests from the Chinese government—they must abide by the law. The questions at hand are: Where are the data going, and how much control does the Chinese government wield? Understanding the already present monitoring practices is imperative for answering these questions.

Not only has it been suggested that TikTok monitors American videos and data, it was reported that videos opposing the Chinese government are often censored. As reported in The Guardian (2019), TikTok asks its moderators to censor videos that mention Tiananmen Square, Tibetan independence, and other Chinese-specific terms. Further, The Guardian claims that TikTok is spreading Chinese foreign policies throughout the app. A spokesperson at parent company ByteDance denied the suppression of information. However, they stated that even though politically driven videos are allowed, they are not frequently shared on users’ FYP to maintain a fun environment.

In October 2019, U.S. Senator Marco Rubio called for a national security review of TikTok. A month later, it was reported that the Committee on Foreign Investment in the United States will review allegations of China obtaining data from its American TikTok users. However, in December 2019, it was reported that a United States college student filed a class-action lawsuit against TikTok for allegedly relocating her private data to servers in China, including her private messages, contacts, browsing histories, and IP address.

These headlines were just the tip of the iceberg.

While under fire for the reckless handling of consumer data, TikTok was caught gaining access to users’ clipboards when a beta version of Apple iOS 14 was released in June 2020. Following this, backlash ensued and the hacktivist group Anonymous released a statement on July 1, 2020, reading, “Delete TikTok now; If you know someone using it, explain to them it is essentially malware operated by the Chinese government running a massive spying operation.” This story, in correlation with a viral Reddit post detailing the vulnerabilities of TikTok, creates an international narrative of unsafe software. Specifically, Reddit user r/Bangerlol claimed to have successfully reverse-engineered the app, stating that it is a front for collecting user data. All of these factors have gained widespread attention on social media, news outlets, chan boards, forums, and other resources.

This brings us to today.

In July 2020, it was reported that the U.S. was considering banning TikTok and other Chinese social media apps due to these alleged privacy concerns. Doing so would follow the lead of India, which banned TikTok and other well-known Chinese apps just a week prior. The Indian government stated that the video app posed a threat to their sovereignty and integrity, and just like that, it was removed from their app stores. The Trump administration had brokered a deal that would have paved the way for U.S.-based Walmart and Oracle to take a large stake in TikTok. As of February 11, 2021, the new Biden administration announced the implementation of a “broader review” of Chinese technology companies and their potential threats to American national security. The White House also announced shelving the proposed U.S. take-over of TikTok “indefinitely.”

Hg’s Word to the Wise

Since its 2016 creation, TikTok has left a rather substantial footprint on modern-day social networking. The clout-chasing teenager likely considers this a positive. Viewed through an analytical, research-focused lens, it could be potentially dangerous. With your TikTok account, be wary of the content you post and data you share. If you are planning to use it as an open source intelligence (OSINT) tool, remember the tips mentioned in this blog series and always dissect the videos for hidden bits of intelligence. If you use TikTok only to watch cute puppies and dance along to viral video trends, then cheers to you.

While TikTok’s potential threats to national security are analyzed under the broader scope of U.S. national security, ongoing concerns, Reddit chatter, and lawsuits are bound to continue. So, too, are billions of pandemic-weary viewings of cute puppies, mewing kittens, and romantic bunnies.

Are you an analyst or investigator looking for advanced OSINT training on risk assessment and risk monitoring? If so, check out Hg’s webinar series on social media investigative training, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your investigative skills.

 

Are you concerned about your company’s or employees’ points of vulnerability through online and open sources? Our skilled analysts are experts at removing personal information that puts you, your business partners, and your family at risk. Learn how our team can assist you in assessing and monitoring your risks. 

 


Trevor Morgan is an investigative analyst at Hetherington Group, where he uses his open source research skills to extract data from social media accounts, conduct risk assessments, and monitor subjects for clients in pharma, tech, retail, and entertainment. He is a contributing writer to Hg’s Data2Know, Industry Undercover, and OSINT Slack channels. On his lunch break, he can be found outside playing frisbee with his four-legged colleagues.