If you are anything like me, you probably love TikTok. Whether you use the app for brain rot time, as your form of google, to connect with others, to create content, for entertainment, or as your job, this app is one of the most popularly used social media platforms in the world. In April 2024, President Biden signed a law into legislation that gives ByteDance, the company that owns TikTok, 270 days to sell TikTok to a U.S. company before it is prohibited from being in app stores in the U.S., and removed from the internet hosting services that support it. In 2020, the Trump administration began to discuss concerns around the security of TikTok, being that it is owned by a Chinese company and there are worries the data collected from TikTok will be used by the Chinese government against the U.S. This idea has been disputed by TikTok, stating that they have “never provided user data to the Chinese government, nor would we do so if asked.”
Understanding how TikTok works
TikTok uses a fine-tuned algorithm to engage its users and keep them entertained. This algorithm is not unlike other algorithms for social media, such as Instagram, that takes user interactions and input to personalize what content is displayed for the user. This algorithm interprets your behaviors on the app such as the posts you like, comment on, how long you stay on the post, if you save it or share it, what accounts you follow, ads you interact with, things you search, and so much more to determine what output it will provide. If you develop a hobby, such as knitting, and begin watching videos on how to knit then TikTok will take those interactions with that content and provide more videos like that on your “For You Page”.
TikTok does this in several ways, including using code that makes it possible to track user keystrokes within the in-app browser, which has made this app stand out from the other popular social media platforms. However, TikTok is not the only social media platform with this capability embedded in its code. Meta has this feature embedded in Instagram’s code as well. It is important to note that the code has the capability to do this but that does not guarantee that the apps are actively using that capability. When I hear “keystroke tracking” I immediately think that each key I press is being followed and noted, which is basically what it is. Keystroke tracking can also be used to find metrics on how quickly the in-app browser is running, how long the user spends on the browser, etc., to help discover any performance issues, perform debugging and/or troubleshooting. Felix Krause, a self-proclaimed security and privacy researcher, looked into these things himself by scanning the code for the JavaScript commands that are executed while rendering the in-app browsers. Krause found that Amazon, Facebook, Facebook Messenger, Instagram, and TikTok all have the keystroke tracking JavaScript capabilities. These findings may make you wonder if these apps are collecting this data, and if so, what they are doing with it. Whether these apps are actively collecting the data is not something that can be definitively proven by looking at the code, but TikTok has stated that they have these features but do not use them for anything other than performing debugging, troubleshooting, and performance monitoring.
Why does the U.S. want to ban TikTok?
The popularity of TikTok in the U.S. means that they have a lot of data collected from U.S. citizens, but that and the fact that ByteDance is a Chinese company does not automatically mean that a threat is present. There are legitimate concerns with this app, like all other popular social media apps, that if the data collected made its way into the hands of a bad actor there could be devastating consequences. Since these apps collect data on users, are individualized to display specific content to users, and have become so popularly used, there are many potential harmful misuses of their users’ data. Some examples of this would be exposing user passwords, credit card information, or other personal information like private messages or pictures or videos; or using the app to spread misinformation or propaganda.
Final Updates
On Saturday, January 20 TikTok was no longer available for use in the United States. This was temporarily resolved with the TikTok ban being delayed for an additional 75 days. Since the Supreme Court upheld the law enforcing the TikTok ban, ByteDance is still required to sell TikTok to a U.S. company to avoid the ban from going into effect once this 75 day grace period is up.