Here’s a little twist in the whole TikTok debate—the difference between running the Chinese video sharing app on Android versus iPhone. There are far more TikTok users on Android than iPhone. And so if you want to use the platform, but have concerns over the data it’s hoovering up, is a change of device a way to keep your fix while staying somewhat safer? Maybe.
TikTok is not spying on you for China—ignore the headlines screaming otherwise. But it is grabbing too much of your data and there’s no way to know for sure where that data ends up or how it’s used. Despite what you may have read, China’s Ministry of State Security has little interest in your minute-by-minute movements. But a multi-billion dollar mobile marketing industry is more than happy to lap it all up.
The issue is exacerbated by TikTok’s young user base. As Joel Wallenstrom, CEO of secure messenger Wickr, tells me: “My kids are everyday users of TikTok—I think they may actually be ‘every minute’ users. Their personal information is definitely falling into the hands of people intent on building profiles that can be utilized for future gain. If their careers or lives ever put them in a position to be adversarial to totalitarian regimes, then there could be future danger or risk. What parent doesn’t hope their child is viewed as hostile to totatalinarism? But they are mostly in danger of the psychological damage connected to self-regret over all the time they waste.”
But while China has little interest in America’s teens, that’s not the case everywhere. “Everyday users in countries that cooperate closely with the Chinese,” Wallenstrom says, “who use TikTok in ways the Chinese government disapproves of, are probably in some immediate danger. Finally, if an everyday user is subject to the dangers of disinformation, and China has an interest in damaging you, then TikTok is very dangerous. AKA they may have interest in you not winning an election.”
Google has a conflict when it comes to TikTok and other data-grabbing social media platforms. Google has a foot both sides of the fence—a leader in mobile marketing—tracking users, collecting data. But also safeguarding user privacy with Android OS. You can see the problem. Facebook has admitted iOS 14 will frustrate its pervasive tracking tools. The same issue will hit Google on Apple’s devices as well.
Apple has set itself up as the champion of user privacy, declaring war on tracking. iOS 14 promises a set of privacy and data security protections, the likes of which we’ve never seen on mobiles before. Let’s remember, TikTok’s latest woes began when it was caught snooping on iPhone clipboards by a new iOS 14 beta.
TikTok wasn’t the only scalp claimed by iOS 14’s new protections—Linked, Reddit and others tripped the same warnings. Its competitor Instagram triggered iOS 14’s camera alert, when users were not using their camera—all bugs, everyone said. Maybe. But what is clear is that Apple is forcing an industry to clean house fast. It’s new territory.
Here’s another little twist. This wasn’t the first time TikTok was caught accessing iOS clipboards. The same happened back in March—TikTok said then that it was the fault of an outdated and errant Google advertising SDK. A Google SDK—think that through. We also still don’t know for sure if TikTok ever snooped Android clipboards—the platform says not, Google isn’t commenting.
And then we had the MAC address surprise just this week—TikTok reportedly tracking users device identifies in violation of Google’s rules—Google has said it’s investigating. TikTok is said to have stopped the practice back in November. It has been raised as an issue by security researchers since then, but it took a Wall Street Journal report to make this a headline issue that triggered action. U.S. senators have now reportedly asked the FTC to investigate TikTok over the alleged data abuse.
“To me, this is a stark reminder of the few or weak privacy guarantees we get from Play Store,” Wallenstrom tells me. “TikTok spent years collecting sensitive data knowingly and openly against the store policy. Privacy tends to lose if Google has to choose between protecting end users versus wild success and rampant adoption—and revenue. Google might argue that the App Store isn’t any better… and they would be mostly right. But this need not be a race to the bottom.”
Wallenstrom is also highly critical of TikTok’s use of encryption to wrapper the MAC data. “There are perfectly legitimate reasons to add extra layers of encryption inside TLS—we do this at Wickr. But TikTok was encrypting very select data to significantly increase the effort required for a third-party to detect the policy violations.”
Android is markedly less stringent with data privacy than iOS. Android 11 is a major step in the right direction—it’s no iOS 14, though. Warnings when cameras or microphones are accessed, shifting from exact to approximate locations—and only when you want it shared. A tracking crackdown both within the OS and Safari—and apps forced to seek specific permissions where the default assumption will be no.
Android has long suffered from permission abuse—its crackdown is long overdue and does not go far enough. But social media apps are central to the mobile marketing industry, an industry Google plays a dominant role within. Google is following some of Apple’s moves to protect users. But it’s hard to believe that we will see such a sea change as to derail that part of Google’s business model.
And so to the Play Store. Apple’s App Store is locked down—there are issues on there, for sure, but these are fairly rare in comparison to Android. Google has cracked down in the last year on abusive or malicious apps—many from China, including secret networks of abusive apps designed essentially as data gathering tools. But malicious apps on the Play Store, alongside the scourge of permission abuse, remain an issue.
So in Android we have a less secure platform that is more open to the exfiltration of user data by networks of Chinese apps. We have a report that TikTok was breaking its rules—undetected—to pull tracking data for more than a year. We have a fragmented hardware landscape that opens vulnerabilities as seen in the Qualcomm Snapdragon issue earlier in the month. These dots are not too tricky to join.
Of course, no-one is going to change from Android to iPhone just to run TikTok more security. But if you’re worried about TikTok—or any of the other social media apps that are hungry to sift through as much of your data as they can, then maybe it is time to switch to an iPhone—if you don’t use one already.