Tick tock for TikTok. While the Chinese-owned video app has flirted with a U.S. ban before, this is starting to look like the real deal. TikTok just can’t shake the taint of its ownership and the alleged risk that China is picking through all that U.S. metadata to push its political agenda on the 170 million U.S. users.
Per The New York Times, lawmakers are concerned that TikTok’s owner, ByteDance, “may put sensitive user data, like location information, into the hands of the Chinese government. They have pointed to laws that allow the Chinese government to secretly demand data from Chinese companies and citizens for intelligence-gathering operations.” The net result, The Times reports, is that “TikTok’s future in the U.S. is in serious jeopardy.” A ban could hit as soon as mid-January.
While U.S. TikTok users—including the many thousands of people generating some income from the site—will be left stranded, the U.S. ban will also concern the billion-plus users outside the U.S. worried by this drastic move. All the more reason to ensure your account is properly set up, that you are not sending unnecessary data to TikTok and its Chinese owners, and that you are not risking the loss of your account.
This last point is critical. Malicious hackers love an event they can use as a lure to trick users into sharing their usernames and passwords. You can assume that as a ban approaches, you will be inundated with emails, texts and social media messages promoting to safeguard or move your account if you click on a link or download a new app or update. Don’t do any of these things—change your security settings now; don’t wait and risk losing your account to a hacker.
The reality is that there is nothing you can do to stop TikTok and its ownership from accessing the data harvested by the app on your phone. And if that data is sent to China and accessed by others, there’s little you can do about that either. That’s down to policy and data sovereignty assurances, over which you have no control.
But you can place some restrictions on what the app can collect from your phone and you can ensure your account is secure. In the app and privacy settings on your iPhone or Android, you can disable location services as you can in the app itself. The app will still try to infer your approximate location, but that’s less risky.
You also need to beware if you enable any contact syncing with Facebook, as that provides more metadata and information around your personal networks. Similarly, restrict access to contacts through your phone settings. You should also disable access to the microphone and camera if you don’t use those with the app, and you should limit access to your media album, selecting only the videos you choose to share.
As for your account itself, in the app you should go into “Security & Permissions” and check there are no devices accessing your account that are not your own. You should also check if any apps are accessing your TikTok account that you didn’t deliberately connect. And as with all apps, you should set up two-factor authentication, or “2-step verification” as TikTok describes it, to force new logins to use more than just your password. You will need to select two separate verification methods. An authenticator app is best.
What happens if and when the TikTok is banned is unclear. It’s very likely there will be a set of delays and proposed new measures. As for whether the app will suddenly disappear from your phone, The Times says “probably not,” and I agree. But it warns that “the law would penalize internet service providers and app store companies like Apple and Google for distributing or updating TikTok on app stores. So the TikTok app would probably degrade over time, slowly becoming unusable.”
Security professionals are rarely fans of TikTok given its ownership and extensive data harvesting—no different to other social media apps on your phone. As ESET’s Jake Moore says, “the best way to secure your TikTok account is to delete your account and remove the app from your phone but this may not appeal to everyone.”
Assuming you want to keep your account, Moore’s advice is clear-cut. “TikTok accounts are connected to your phone number which adds a layer of security to the account. However, two step verification is also offered in multiple ways including adding your email address, via SMS as well as by using an authenticator app which is the preferred way to authenticate. You can also set up trusted devices where the safest way is to remove all devices other than the device you are currently using.”
Make sure you secure your account now, before the surge in cyberattacks begins over the coming weeks. Meantime, as The Hill says, “the popular social media app’s fate now rests in the hands of the Supreme Court and the incoming Trump administration, which has offered tepid support at-best for TikTok in the wake of the election.” Tick-tock for TikTok, it seems, is now just a few weeks away.