TikTok Security Concerns and SAP

Geo-Political Background

Recently, the Trump administration has kicked around the possibility of banning the use of TikTok in the United States. This comes against a backdrop of increasing tensions between the United States and China due to China’s emergence as a military and economic rival superpower, and exacerbated by what some in the West view as China’s military and economic expansionism against a backdrop of long-time institutional infiltration, technological and other espionage, and unfair trade practices. Recently, relations have been further strained by internal Chinese crackdowns on civil dissent, reneging on the conditions of its treaty with Great Britain regarding the status of Hong Kong, and what some (though not all) view as blame for not having blown the whistle earlier about CoVid-19, which has had devastating health, social, and economic consequences around the globe.

India, which has recently clashed with China above the disputed Galwan Valley between China and Indian-administered Kashmir, has banned the popular short-form video plus sound application. There have been rumors, though denied, that Australia and the Philippines might also follow suit. Both of those nations have been alarmed by Chinese expansionism in the South China Sea.

Does TikTok Pose a Danger?

Does the application pose a danger? It’s hard to say. Like most such applications, new versions often are filled with security issues that need to be patched, and TikTok does a comparatively decent job of doing so. The company that owns TiKTok, ByteDance, is headquartered in China, but not ‘owned’ by the government per se. ByteDance swears up and down that it would never convey any user information to the Chinese government, but the rights and responsibilities of ‘private’ corporations in China vis-a-vis the government are more . . . negotiable, let us say, there than they are in the West.

At present, there’s no reason to believe that TikTok collects any more information than other ‘free’ social media applications, such as Facebook and Twitter, which monetize metadata from their users to target ads and such, but following revelations of what Cambridge Analytica was able to infer from access to Facebook’s information during the 2016 election, there is some concern about how China might use such information for similar purposes (or worse) such as: wargaming, propaganda/disinformation and election meddling. We have already seen that they take a very aggressive line against their own citizens at home and abroad who use online platforms to criticize the government, and like the Russians they seem to be cultivating their own troll farms.

With Regard to SAP Users . . .

The problem here is that many SAP users are companies whose information is not only valuable to themselves, but potentially also to others. One of the things that TikTok was criticized for was maintaining access to clipboard information. They were criticized, when found not to have fixed the problem. They excused the delay by saying that there was a conflict with the spam filter. Theoretically, a government with access to such information might leverage it either through simple data mining or blackmail. A surveillance state such as China might exploit or introduce backdoor methods of accessing data on devices with the TikTok application, as they are said to have done with Huawei, their 5G cellphone network.

So there is no clear-cut answer on whether to prevent employees from using TikTok on devices that also might be used for work purposes. As a precaution, and partly because of the conflict, India has banned certain Chinese apps (including TikTok). The State Department would like Microsoft or some other US-based company to buy it. They have given a deadline before it is banned. For the moment, we advise caution.