FCC Commissioner Brendan Carr is calling on Apple and Google to remove TikTok from their stores, citing a threat to national security. Credit: TikTok FCC Commissioner Brendan Carr has written to Apple and Google to request that both companies remove the incredibly popular TikTok app from their stores, citing a threat to national security. Is your data going TikTok? Carr warns the app collects huge quantities of data and cited a recent report that claimed the company has accessed sensitive data collected from Americans. He argues that TikTok’s, “pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. data…puts it out of compliance,” with App Store security and privacy policies. He warns that TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data. He claims it collects: Search and browsing histories. Keystroke pattens. Biometric identifiers, including faceprints and voiceprints. Location data. Draft messages. Metadata The text, images, and videos stored on a device’s clipboard. And more… In his letter, the commissioner provides some evidence to support his argument that TikTok fails to adhere to Apple and Google’s security practices — for example, researchers in 2020 claimed the app might be able to access sensitive data, including passwords, crypto wallet addresses and messages. Security, politics and hype Carr points out that US government and national security agencies are either urging or mandating the removal of the TikTok app from devices; India has banned the app on national security grounds; and some businesses have already banned its use on company devices. At the same time, there continue to be mainstream reports to support the service. For example, one of the UK’s leading newspapers, the Evening Standard, today leads with a report explaining who the most followed people on TikTok are. The numbers are staggering: Khaby Lame has 142.8 million followers on the service. The most viewed video on TikTok ever, Zach King’s Harry Potter Illusion video generated 2.2 billion views. That’s a lot of people — and, conceivably, a lot of data potentially made available outside the circle of trust many may expect. That’s important, given 80 million people spend around 24 hours a month using the service. Objectively, TikTok does seem to have tried to distance itself from the privacy abuses Carr points to, but the most recent claim that US user data can be accessed by the company may have pushed its reputation over the precipice. Though it did move US user data to Oracle servers in the US just before the latest damaging report appeared. What happens next? I imagine TikTok will attempt to dispute the report that prompted the commissioner’s request. In the event it fails to achieve that, it seems inevitable that Apple and Google will remove the app from their stores, at least in the US. But what this really represents is an allegory for the level of risk businesses face, and will continue to face, as entities of various kinds persist in exploiting digital connectivity for their own ends. If Carr’s claims are true, then TikTok joins names such as NSO Group and RCS Labs on the roll call of companies dedicated to undermining user privacy. It is possible the US government’s Committee on Foreign Investment in the United States (CFIUS) may soon announce a National Security bill designed to put the brakes on any potential abuse by state actors in line with the commissioner’s claims. All the same, if we disregard the nationalities, then the claim also exposes the challenge of doing business in an increasingly surveilled age. If every nation is involved in exfiltrating data in this way, no one can really be seen as secure. That some of this activity is outsourced to shadowy private entities amplifies this risk. Of course, in the short term, business users will want to figure out how to convince employees to cease use of TikTok on work devices while MDM and security vendors will be exploring ways to partition the app from any sensitive data held on a dual use work/personal machine. The less they know, the less they know Finally, of course, this news should be seen as a testament to support Apple’s fundamental approach to privacy and security on devices, and an argument to go further on that path. After all, even the most intrusive app can’t gather data that does not exist. The best approach is to ensure the endpoint intelligence remains on the device and can’t be shared in any useful format. Though at this stage of the digital transformation, the parable of TikTok suggests there is still some way to go, so you’d best ensure your company security practice is TipTop for TikTok. Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Mosyle and Fleet bring new device management options to Apple enterprise Apple's growing enterprise market share is generating tons of opportunity for the company's partners in the device management market. Their approaches reflect the diversity of use. By Jonny Evans May 01, 2024 4 mins Apple Mobile Device Management Mobile Security feature Apple is intensely focused on its global AI efforts When the ship that is Apple moves in any direction, you can always count on careless whispers to expose the destination. From research labs to sophisticated AI models and Apple Silicon for server farms, here's what we've learned in just one By Jonny Evans Apr 30, 2024 6 mins Apple Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe