Time out for TikTok
The news that Chinese-owned video-sharing app TikTok is not approved for use on devices owned by Australia’s Department of Defence, as reported by the ABC, is hardly a surprise.
Defence’s default position on what apps it allows on its work phones is, in effect, that all apps are banned unless there’s a need for them and they pass a security test. Unsurprisingly, seeing how our defence personnel put their own spin on the ‘Haribo Challenge’ is not a top priority for the department.
The news follows a warning in mid-December from the Pentagon to various US military branches to remove the popular app from their phones. The Australian decision, as with the ban on the use of Chinese-owned app WeChat almost two years ago, is a no-brainer.
Like most social media apps—or any other app, for that matter—TikTok and WeChat require their users to agree to a startlingly invasive list of permissions. A recent analysis of TikTok’s privacy and data-collection policies revealed that it demands a worryingly high level of access to systems and information on both Android and Apple devices.
These include requiring full access to the device’s camera and microphone (hardly surprising for a video-sharing app) and its contact list, as well as detailed location data using GPS. The GPS tracking is ‘surprising’, say the researchers at security company Proofpoint who analysed the app, ‘especially as TikTok videos don’t obviously display location information’.
The metadata harvested from these apps can paint a vivid picture of what military personnel are up to, as the 2018 Strava app debacle uncovered by my ASPI colleague Nathan Ruser showed. The Strava case demonstrated, too, that an app doesn’t need to be owned by a foreign adversary for it to inadvertently pose a serious risk to military operational security.
But when the app is owned by a company operating in an authoritarian country, as TikTok’s owner ByteDance is, there are added risks to users, whether they’re military personnel or not. It’s those risks that prompted a full-scale pushback from US authorities as TikTok’s popularity rose in America.
The committee on foreign investment there has said the app could pose national security risks for Americans and possibly be used to influence or monitor them. In November, the New York Times reported that the US government ‘had evidence of the app sending data to China’. In a recent lawsuit in California, the plaintiff has alleged that TikTok transferred vast quantities of her private and personally identifiable data to servers in China.
TikTok has denied that its data is being sent back to Beijing, stating that all US user data is stored in the US, with backup redundancy in Singapore. But, as Proofpoint’s researchers pointed out, there’s no information on TikTok’s website about where data on users from other countries, including Australia, is stored.
Even if Australian users’ data is being stored in Singapore, ByteDance’s engineers, who are based in Beijing, would still need to access that data in order to continue to improve the app, as David Carroll, an associate professor of media design at Parsons School of Design, has argued.
Once it’s there in Beijing, it could be easily accessed by the authorities. After all, as is now well known (thanks in part to the Australian government’s decision to ban Huawei from taking part in the rollout of the national 5G mobile network), China’s National Intelligence Law from 2017 requires organisations and citizens to ‘support, assist and cooperate with the state intelligence work’.
The pushback against TikTok, which this Australian Defence ban has now played a small role in, has reportedly prompted internal discussions at ByteDance as to their best course of action. The options being canvassed at the moment, according to Bloomberg, range from an ‘aggressive legal defense and operational separation for TikTok’ to ‘sale of a majority stake’.
ByteDance, it seems, is determined to put as much daylight as possible between the company and Beijing. TikTok CEO Alex Zhu says he would turn down a request from President Xi Jinping himself to censor content on the app—an entirely meaningless claim, given that’s not even remotely how China’s censorship system works in practice.
A recent TikTok transparency report tested out another bit of sophistry. The report claimed there were zero takedown requests from China, but five from Australia. However, given that the version of TikTok that Australia has doesn’t work inside the Great Firewall of China, that’s hardly surprising at all.
Defence has clearly not been fooled by such obfuscations. That the company is now entirely captured by Beijing’s censorship and surveillance apparatus is beyond doubt. Only months ago, for example, Uyghurs in Xinjiang were using Douyin, the version of TikTok used within the Great Firewall, to shine a light on the brutal surveillance state.
Now, chillingly, those videos of despair have been expunged and replaced with shiny happy people holding hands.
This article was published by The Strategist.
Fergus Ryan is an analyst at ASPI’s International Cyber Policy Centre. He has worked in media and marketing roles in China and Australia for close to a decade and has published widely on Chinese technology, entertainment and media industries.
