TikTok has pushed back on those claims, calling them “unfounded.” To underscore its independence from China, TikTok has cited its recently hired American CEO, and said it has “never provided user data to the Chinese government, nor would we do so if asked.”
“The Trump administration has taken almost like a whack-a-mole approach to dealing with these issues, because it seems that as soon as a Chinese company is in the news, all of a sudden that becomes the new target,” said Justin Sherman, a fellow with the Cyber Statecraft Initiative at the Atlantic Council. “It seems very unlikely that there is thinking going on about the longer term strategy, and much more likely that the focus instead is on this politically motivated attack on an application because it’s a Chinese-owned app, even if there are real security questions.”
The China question
Policymakers’ chief worry is that ByteDance could be forced to hand over TikTok’s data on US users to the Chinese government, under the country’s national security laws. TikTok has said it stores American user data on US-based servers that aren’t subject to Chinese law; skeptics argue TikTok’s parent, ByteDance, is ultimately a Chinese business that’s still beholden to Beijing.
But several security experts told CNN Business that, although TikTok’s links to a private Chinese company are worthy of concern, the app simply wouldn’t be that useful for espionage.
“It’s right to be suspicious of the Chinese,” said James Lewis, senior vice president at the Center for Strategic and International Studies, a security think tank. “But I’m not sure TikTok is a good intelligence tool for them.”
“The Chinese government does not necessarily have unfettered real-time access to all companies’ data,” Sacks said in her testimony. “Chinese corporate actors are not synonymous with the Chinese government or the Chinese Communist Party, and have their own commercial interests to protect.”
Concerning security flaws
An alarming technical report about TikTok this year has only added to the concerns about its security, though experts say there is an important distinction between identifying individual security gaps and labeling something a threat to national security.
The discovery raised important questions about TikTok’s ability to safeguard user privacy. But company engineers appeared to operate in good faith, according to Oded Vanunu, a security specialist at Check Point Research, who led the group of researchers that announced the findings. TikTok, he said, seemed motivated to fix the flaws.
“They were concerned about the optics of it, and their PR people, there was some friction there,” said Vanunu. “But from our perspective they were very happy to get this kind of information and were happy to cooperate.”
The bigger concern with TikTok
Even as technical experts describe TikTok’s espionage risk in mostly theoretical terms, policymakers argue TikTok could still threaten US interests in softer ways — by influencing the global conversation on its platform. And in this respect, some experts warn, the danger is already being felt.
TikTok has said that its content and moderation policies are developed by a team of American employees and that the policies are not influenced by any foreign government. TikTok’s investors include large international names such as Sequoia Capital and Softbank, and in May, the company hired Kevin Mayer, a former Disney executive, as its CEO.
So TikTok’s handling of content and user data could plausibly weaken US power and influence, experts say, but more abstractly than directly spying on government officials or monitoring troop movements.
That says more about the US’s lack of policies regulating data, privacy and platforms than it does about TikTok, many of them said.
“I think people are blending a lot of different values here related to human rights, privacy, censorship — and it’s at risk of getting bundled into a security argument,” said Karl Grindal, a cybersecurity expert at Georgia Tech.