Who And Where (and What) is TikTok (Doing with Our Data)?

In the past year, TikTok has typified Gen Z’s social media use. With more and more children getting mobile devices at a younger age, the demographic has demonstrated its preference for short and sweet social media posts that are more entertaining than communicative. Whether this is good or bad in terms of social development is a discussion left for mental health professionals and educators. For the cybersecurity community, though, the concerns come from a distinctly different angle.

The concern isn’t the intent of the app’s platform or even the very young demographic to which it admittedly appeals. It lies more with where the uploaded content is going and what is being done with it. Another concern is who is behind the TikTok phenomenon.

It is public knowledge that the company is Chinese owned. This is not necessarily a vilifying factor. Every country has companies based in it. Some are transparent and legitimate. Others are…not so much of the same ilk. In this case, the curiosity arises when one does a WHOIS lookup for TikTok. The registrant shows up as eName Technology Co., Ltd., which according to InterNIC is based out of Xiamen, a city in the Fujian province of China. Referencing back to the WHOIS data again shows the registrant contact to be based out of Great Britain, with the location as KaiManQunDao. A quick translation reveals this to be the Cayman Islands.

This is also not a vilifying factor. It does, however, bring into question who exactly is running the show. The Cayman Islands are famous (or in some cases, infamous) for being the business base for companies around the world. What this does make clear is that effectively tracing an irrefutable path back to TikTok’s servers would prove difficult if undertaken.

This, in turn, leads back to the question of who exactly has access to the data being uploaded by users of the app. With 1.65 billion downloads to date, there is undoubtedly a lot of data being stored and, just as undoubtedly, replicated via daily backups. This data includes the obvious: user names, content, geolocations, and source IP addresses.

This is where the access concern comes from. It is plausible that the parent company is legitimate in the presumed intent to reap a huge amount in ad-based profits. Unfortunately, with the known strict control of business in China, it is also possible that the Chinese government may have mandated access to the company’s data. Herein lies the underlying cybersecurity concern.

Unlike a U.S.-based tech company like Facebook, the “who” behind TikTok cannot be summoned by the U.S. Congress to discuss privacy concerns. At the moment, there is little to nothing that can be done to negate the possibility that the data is being crunched via big data analytics for the purpose of influencing the political, economic, and other opinions of its users. This concern is exacerbated by the fact that the vast majority of users are tweens and teens who are still very easy to influence.

The questions discussed herein are not limited to TikTok’s ownership and intent. With an increasingly complex, global construct, it is only a matter of time before the next social media platform of the type launches and replaces TikTok. For this reason, it is especially imperative for parents around the world to at least regularly monitor their children’s social media accounts, both to check the appropriateness of content and to minimize the amount of Personally Identifiable Information (PII) they’re sharing.