Kevin Beaver's Security Blog

TikTok app privacy. Is it really a big deal?

I was recently interviewed for a news segment about privacy concerns over TikTok…is it a problem? What makes it different from typical social media data collection?

First off, I’m still trying to figure out more about the story behind TikTok bypassing Android’s controls and accessing MAC addresses….and why Google didn’t do anything about it and, really, why that exploit is available in the first place…That could be a big deal.

Beyond that, I’m not sure that it’s any different than the data collection concerns we’ve had of the mainstream tech giants. It’s probably not nearly as bad as some of the other rogue apps that often make their way onto the app stores. Perhaps President Trump has some additional intelligence on TikTok. If so, maybe it’s a legitimate concern. If not, this is likely more a political statement more than anything else, especially given the president’s record on flying by the seat of his pants decision-making.

Certain security issues have been uncovered in TikTok recently but those could be due to sloppy coding practices or lax security standards. Not unlike the recent security and privacy concerns with Zoom, it seems that TikTok is taking steps to address those issues.

For consumers and business IT security managers alike, it’s a good idea to see what permissions the TikTok app has on your phone – especially as it relates to contacts, messaging, and location data…even when the app is not running.

Knowing what I know from working in the field of information security, I think it could be argued that these concerns are reasonable. Still, it’s likely more of a distraction than anything else. Americans have much greater threats they’re facing in terms of privacy and liberty – one of which is their own government – local, state, and federal.