ByteDance Apps Under Scrutiny Explained

The U.S. House of Representatives has recently enacted a policy that bans the use of any apps developed by ByteDance, the parent company of TikTok, on government devices as of August 15th.

This policy extends to various apps including TikTok itself, as well as CapCut, Hypic, Lark, and Lemon8. This move is driven by concerns surrounding privacy and national security, given ByteDance’s base in Beijing and the implications of Chinese data laws.

Understanding the ByteDance App Ban

The recent decision by the U.S. House of Representatives to ban the use of ByteDance's TikTok and WeChat apps on government devices stems from legitimate national security concerns. As Chinese companies are legally obligated to provide data access to the Chinese government, it is prudent for government bodies and the military to avoid using apps that could expose confidential information.

While some argue this amounts to an overreach against Chinese companies or an escalation of U.S.-China tensions, the government must protect sensitive data from foreign surveillance, especially from strategic competitors. TikTok and WeChat have accumulated vast amounts of personal data from users, including private messages, contacts, location data and browsing habits. If accessed by Chinese authorities, this data could provide insights into government operations and the lives of officials and military personnel.

It is also worth considering the opaque legal system in China. The definition of national security is broad and laws are vaguely worded in a way that can compel full data cooperation from companies. There is little oversight or due process. This leaves a lot of room for potential misuse or overcollection of data beyond legitimate security purposes. For a government like the U.S. that handles highly classified information, this lack of transparency is understandably problematic.

However, an outright ban on these consumer apps for the general public would likely be an overreach. For average citizens and other non-government users, the risks may be relatively low and acceptable. A balance needs to be found that protects information where sensitivity is highest while not unduly limiting consumer choice or business activity. One option could be to block the installation of these apps on government devices but avoid a broader ban or demand for their removal from app stores.

Overall, while U.S-China tech tensions contribute as a background factor, the impetus for restrictions specifically on government use is logical and justified given the national security implications. As the lines between public and private sector data blur in the digital era, governments must thoughtfully consider supply chain risks and balance both security and economic priorities. The ByteDance ban for now achieves this careful balancing act.

The Privacy Concerns with ByteDance Apps

ByteDance’s apps, particularly TikTok, are known for their extensive data collection practices. TikTok, for instance, gathers a vast array of information from its users. This includes personal details such as names, email addresses, phone numbers, and locations. Beyond these basics, TikTok’s data collection extends to more intrusive elements such as:

• Device Information: This encompasses details about the device used, including its operating system and settings.
• Biometric Data: TikTok collects data related to users’ physical attributes, such as facial features and voice patterns.
• Purchasing History: The app monitors users’ buying habits, capturing information about items purchased through other platforms.
• Activities on Other Apps and Websites: Through embedded code, TikTok tracks users’ interactions and activities across different digital spaces.
• Files and Media: It monitors files, text, images, videos, and audio stored on the device. Metadata is extracted for further tracking.
• Keystroke Patterns: TikTok analyzes typing rhythms and patterns to build detailed user profiles.
• Video Content Analysis: Objects and landmarks in videos are scrutinized for additional data.
• Clipboard Content: TikTok can access and log clipboard content even when the app isn’t actively in use.
• Unencrypted Data Transfer: Initially, data from U.S. users was sent directly to servers in China without encryption, raising concerns about data security.

Although TikTok asserts that it now stores U.S. data domestically, the overarching control of ByteDance by its Chinese parent company continues to fuel apprehensions.

Concerns About Temu

Temu, a shopping app owned by PDD Holdings, another Chinese entity, also presents privacy risks. This app can access a range of user information based on permissions granted, including:

• Basic Permissions: Access to contacts, calendars, and photos, as well as tracking of notifications and system settings changes.
• Additional Permissions: Monitoring of social media accounts, messages, and private communications across various platforms.
• Device Identifiers and Usage Data: Collection of information related to device identifiers and usage patterns for targeted advertising and profiling.

Temu’s parent company has a history of problematic apps; one of their previous apps was removed from the Google Play store due to malware concerns.

Recommended Actions

While deleting TikTok and other ByteDance apps from personal devices provides the strongest safeguard against privacy and security risks, it may not always be a realistic option, as the apps have become ingrained in many users' daily lives and routines. For those unwilling or unable to fully remove the apps, some intermediate steps can help minimize potential vulnerabilities.

First, users should audit the types of permissions and access these apps have been granted. Features like device location tracking, camera/microphone access, and contact syncing should generally be disabled or limited unless specifically needed. Reducing unnecessary access permissions helps curb the overcollection of sensitive personal data.

Second, consider creating independent or "burner" user profiles within apps isolated from primary accounts. Log in with separate login credentials not tied to main email addresses or identities. This separates any activity or data generated within the app from a user's core digital footprint and online presence.

Third, use apps in "incognito" browser modes that don't retain data trails. Browse the web using TikTok and other ByteDance apps launched through incognito windows in a browser, avoiding storage of cookies, caches, and browsing history locally.

Finally, monitor apps closely for suspicious or unexplained network activity, unusual permission usage, or data uploads beyond what's expected from normal functions. This can help identify potential security issues early. As an additional defense, consider using a virtual private network (VPN) service on devices with these apps installed to further obscure online activity and data transmission trails.

With a layered approach balancing continued use and risk reduction, users can gain at least some protection even if fully deleting privacy-intrusive apps is not an option. Vigilance remains important.

The Bottom Lines

The U.S. House of Representatives’ ban on ByteDance apps from government devices highlights significant privacy and national security concerns.

The extensive data collection practices of TikTok and Temu, combined with the potential for data access by the Chinese government, underscore the need for cautious use of these applications. Users are encouraged to evaluate the implications of using these apps on their devices and consider removing them to protect their privacy and security.