Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.
China Could Be Using TikTok to Spy on Australians
As the global population continues to self-isolate to prevent and manage the spread of COVID-19, the number of people using social media is on the rise. Following the strict COVID-19 restrictions, Chinese video-sharing platform TikTok has seen explosive growth, particularly in Australia.
Dubbed as a “lip-syncing” application, TikTok — formerly known as Musical.ly — is a popular application with more than 1.6 million regular users in Australia alone. Typically used by women and girls between 16 and 24 years old, TikTok can be used to create short, 15-second lip-syncing videos, dancing clips and comedy skits for everyone to enjoy.
Sadly, the application isn’t all fun and games.
Recent allegations suggest that TikTok — owned by Beijing-based technology company ByteDance — is harvesting the data of its users on behalf of the Chinese Community Party (CCP). At the beginning of the month, the Herald Sun reported that an anonymous federal MP called for the application to be banned in Australia. PM Scott Morrison also stated that it was “right for people to have an increased awareness of where these platforms originated and the risks they present”.
In response to the statement, TikTok’s Australian general manager Lee Hunter sent a letter to Australian MPs claiming that the company was “caught in the middle of tensions” between some countries. This letter was sent on Monday, July 13, to “correct the record” regarding several “false claims” that have been made about TikTok in the past.
In the same letter, Lee Hunter mentioned that TikTok “does not provide user data to the Chinese government,” declaring that no government has access to its users’ data. The question is: Why is the Australian government closely investigating TikTok?
Denying the Allegations
At the beginning of July, Lee Hunter denied the allegations that TikTok was harvesting data and sharing it with the Chinese Government.
“TikTok does not share information of our users in Australia with any foreign government, including the Chinese Government, and would not do so if asked,” Hunter said in a statement to The New Daily.
Despite these claims, Australian Labor party senator Jenny McAllister said that there have been “credible reports that TikTok takes more data than its users would expect,” adding that the app moderates content for reasons that may make many of its users uncomfortable.
This isn’t the first time TikTok has faced backlash following data security concerns.
What Information Does Tiktok Collect and Share?
As with almost every modern application, TikTok requires access to a device’s camera, microphone, WiFi connection and full address book before you can use the app. Given that TikTok allows users to create and edit their very own videos, it makes sense that the app would require full access to the microphone and camera. However, one thing that many users may find surprising is that TikTok could also collect location data in addition to information from other apps running on the device.
If that wasn’t bad enough, the lawsuit also stated TikTok was using a range of tactics to cover up the fact that they have been transferring information, including biometric and user data. According to the lawsuit, when a user records a video and clicks the “next” button, the video is automatically transferred to several servers without their knowledge.
Where Does TikTok Store User Information?
When it comes to TikTok, one of the biggest concerns raised by its users has to do with where the app stores their information. In a post on the official TikTok website, the company states: “We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centres are located entirely outside of China, and none of our data is subject to Chinese law.”
Lee Hunter later confirmed this in a statement made to The New Daily, adding that TikTok was currently building “next-generation security programs.”
Even though the personal information of TikTok users may be stored on servers in Singapore, data could still be extracted and sent to servers in China. While this hasn’t yet officially happened, theoretically speaking, if China had access to biometric data, authorities could identify people in videos using facial recognition. Chinese authorities could then map rooms using a machine learning process known as feature extraction.
Given that ByteDance recently developed a feature using deepfakes technology that may be launched in TikTok, many users fear that people may take advantage of the technology and use it to spread misinformation about them.
TikTok Privacy Concerns Raised
As TikTok continues to grow in popularity, the app has received strong disapproval for its privacy and security. While many users have voiced their concerns over the location of its servers, others are anxious about where the data is being sent. If TikTok stored its users’ data on Australian servers, the Australian jurisdiction would apply. Once that data is stored in another country, it is subject to both the privacy regulations and legal jurisdiction in the country it is sent to.
Related: UK and Australia to Investigate Clearview AI Over Data Privacy
Is Banning TikTok From Australia Really the Answer?
While banning TikTok may sound like a simple solution, enforcing a ban across Australia isn’t something that can happen overnight. Even if the federal government pushed to remove the application from all app stores, users may still be able to access TikTok using a VPN or a store from another region. Banning TikTok also wouldn’t automatically remove the application from a device, meaning millions of Australians would still have access to it. However, if TikTok does end up being banned in Australia, Cyber Law and Privacy Expert Dr. Prashant Mali says that it is “important to remove these apps otherwise your phone will become vulnerable and prone to hacking”.
If the federal government enforces a ban on TikTok in Australia, its users’ data could still be in the hands of foreign authorities.