TikTok continues to gain momentum with its popular social media app. superior one billion users in 2022. While users blissfully scroll through the latest videos from their favorite content creators every day, data security concerns continue to question the Chinese social media behemoth.

- Advertisement -

The company faced criticism over the last couple of years related to security issues data collection policy despite the popularity and large number of users around the world. Cryptocurrency users also interrogated whether sensitive data, such as private keys to wallets, can be deleted by TikTok’s intended data practices.

- Advertisement -

U.S. Federal Communications Commissioner Brendan Carr called to have Apple and Google remove TikTok from their app stores in June 2022, alleging that the app “collects a lot of sensitive data that new reports show are being accessed in Beijing.”

- Advertisement -

Two years earlier, cyber intelligence firm Check Point Research came out report highlighting vulnerabilities in the TikTok app. This included the ability to control and manipulate TikTok accounts, delete and upload unauthorized videos, post private “hidden” videos, and access private email addresses and mobile phone numbers.

The firm shared these discovered exploits with TikTok in late 2019, and the company deployed solutions for the vulnerabilities. Check Point Research told Cryptooshala that it has not conducted further research into the TikTok code since it was originally examined.

TikTok uses HackerOne for reward code is seeking rewards through its program for finding bugs. The initiative rewards the discovery of security vulnerabilities with varying reward ranges depending on the severity of the discovered bug. Since the current bounty table was created in October 2021, TikTok has paid out $539,000 in bug bounty bounties.

Former Head of TikTok Games Department Leaves Web2 to Create Web3 Core Protocol

Cryptooshala reached out to TikTok to comment on concerns raised about security and data collection practices. A company representative shared a wide range of published resources on its data collection practices and claims against it.

TikTok stores user data in Singapore and the US and uses access controls, including encryption and security monitoring, from its US security team. Access to this data is secured by a number of controls, and the company claims that user data is not available in China, as claimed by the likes of Carr of the FCC in America.

The Representative also noted that access to the application’s clipboard was controlled by the user and not report from the Financial Review in July 2022, which claimed that the feature was automatically enabled by TikTok. Fear of potential risk for any sensitive messages or passwords copied to the user’s clipboard.

Coins are not in danger, but phishing is a reality

Cryptocurrency users can breathe a sigh of relief as security experts agree that using or having TikTok on a mobile device does not directly expose crypto wallets and exchange apps to the risk of being hacked.

Bree Fowler has been following TikTok’s data issues for the past couple of years as a senior cybersecurity and privacy writer for CNET. The journalist believes that TikTok users should not worry about using other applications along with TikTok, telling Cointelegrap:

“State-sponsored hackers are not going to go after ordinary people in this way. I would be more worried about dubious crypto apps and exchanges. It’s much easier to just send phishing emails.”

Fowler warned users to stop TikTok from tracking device activity, change the app’s privacy permissions, and store cryptocurrencies in offline (cold) wallets as an added precaution.

Cryptooshala also reached out to Anna Larkina, cyber security expert at Kaspersk, who believes the questions asked about TikTok’s data collection policy make sense:

“The amount and type of data that TikTok collects about its users imposes an appropriate degree of responsibility for their safety. There is a need for maximum transparency about exactly where this data goes, especially when it comes to third parties, which are extremely difficult to trace.”

Larkina noted that the sum of all this data contains a significant amount of information about an individual user, and the potential cost of a data breach should not be taken lightly.

The biggest threat noted by both experts is the possibility of user data being compromised and then used in coordinated phishing attacks. With the amount of information stored on TikTok, including what apps are installed on your device, attackers could potentially plan targeted attacks on individual users.

Larkina also warned users not to copy or paste login and password information on devices running TikTok and restrict the app’s ability to collect data.

Politically charged situation

Politics is inextricably linked to the situation around TikTok, its popularity and use around the world. Administration of former US President Donald Trump excited to ban TikTok and WeChat in America, which brought the issue to the fore.

Fowler believes that it is not clear whether the fears expressed over the past two years are justified, and that political motives also play a role here. While most associate TikTok with harmless videos that have won over younger audiences, Fowler remains skeptical about the situation:

“On the face of it, this doesn’t seem like something very personal or that it could be useful to the Chinese government. But the more information a group or individual has about you, the more they can use it to their advantage, whether it be for data mining, cybercrime, or more nefarious purposes.”

Given the huge reach of TikTok, the platform has also become a major advertising platform for the cryptocurrency space. Binance made headlines in June 2022 when they entered into an agreement with TikTok’s most popular influencer, Habi Lame, to create Web3-focused educational content.

The platform also tapped into the non-fungible token (NFT) universe with its own collection of NFTs from several of the most prominent content creators, celebrities and influencers in September 2021.