In December, the U.S. Army went from using TikTok to recruit young people to banning its soldiers from having the app on government phones. An Army spokesperson called TikTok a “cyber threat.”
But you don’t have to work at a federal government agency or have “classified top secret spy stuff,” to have sensitive information that is at risk, said Guy Garrett, assistant director of the Center for Cybersecurity at the University of West Florida.
Chinese-owned short-form video app TikTok continues to face scrutiny from American politicians over security concerns. Late Thursday night, President Donald Trump signed an order to ban TikTok from doing business in the U.S. in 45 days unless an American company buys it.
Garrett spoke with the Tampa Bay Times to share what cybersecurity experts think.
To start, most people accept terms and conditions for apps without taking the time to read what they are signing. In order to download TikTok, users give the app permission to access phone and social network contacts, location data and messages sent on the platform. The app also gets permission to record keystroke patterns and swipes, meaning they have access to what you type on your phone (including passwords). If hackers were able to access this kind of user data stored by TikTok, they could use that information to log into accounts, Garrett said.
There are similar privacy issues issues with American companies like Facebook and Google, which try to make money by selling products to users. In the process, these companies create a profile associated with each user.
“And if someone else got ahold of that marketing information, they could potentially use that to do something that wouldn’t be so nice,” Garrett said. “And in some cases, blackmail.”
While there are plenty of domestic tech companies with questionable data and privacy issues, Garrett said politicians are picking on TikTok because of the China connection.
“When you start to talk about products that are developed in nation states that are not friendly to the United States... you have to be extra careful,” Garrett said. “And you have to be thinking, ‘who is getting this information? What do they do with it?’”
“It’s just a matter of what level of risk are you going to take,” Garrett said.
“You’re going to be sharing. You can’t avoid it, unless you go live out in the woods like Grizzly Adams. But the bottom line is you have to realize what you’re sharing and not reading those agreements, especially the privacy policies, is a big problem.”