In Australia, concerns mount that China could use TikTok to spy on users
- Hypothetically, the app could enable Chinese authorities to use biometric data to identify people using facial recognition
- It could also be possible to map rooms and locations by using ‘feature extraction’ on videos
An Australian newspaper, the Herald Sun, this week reported that an unnamed federal MP was pushing for the app to be banned.
A growing following
Users generate short videos that are shared in the app, with many celebrities also signing up. But although TikTok seems to offer carefree entertainment, is there a darker side?
When installed, TikTok asks users to grant several permissions, including the use of the camera, microphone and contact list. However, it may also collect location data, along with information from other apps on the device.
Last year, a proposed class action lawsuit filed against TikTok in California claimed the company gathered users’ data, including phone numbers, emails, location, IP addresses, and social network contacts.
The lawsuit also stated TikTok concealed the transfer of data, including biometric data, and continued to harvest it even after the app was closed. This would mean when a user shoots a video and clicks the “next” button, the video could be automatically transferred to servers – without the user’s knowledge.
Where is the data stored?
While TikTok’s headquarters are in Beijing, Australian general manager Lee Hunter recently claimed Australian users’ data was stored in Singapore.
A major challenge in sorting the truth from fiction lies in how we define “data”. While TikTok users’ details and videos may be stored in Singapore, there’s still potential for data to be extracted from this video content and the device and sent to China’s servers, although this hasn’t been proven to have happened.
Hypothetically, it would then be possible for Chinese authorities to use biometric data to identify people using facial recognition. It would also be possible to map rooms and locations by using “feature extraction”, a machine learning method, on videos. This could then aid the creation of new, advanced deepfake videos potentially targeting specific people.
While this may seem far-fetched, there have already been pre-emptive TikTok bans within major organisations to ensure sensitive information isn’t leaked.
ByteDance claims its data is stored in servers in the US and Singapore: “Our data centers are located entirely outside of China, and none of our data is subject to Chinese law.”
From a user privacy perspective, TikTok has access to a device’s location and a user’s personal information. Although TikTok’s servers may be located outside China, it’s very difficult – if not impossible – to confirm where this data could end up, or what it could be used for.
While the location of servers can be important, possession of data is more relevant. Once data is obtained, it can be used. If data is stored on a server in Australia, for instance, Australian jurisdiction applies. But once it is sent to another country, that country’s laws take precedent.
And if a TikTok user decides to delete their content from their device, or if there is a government-imposed ban, data can’t be retrospectively erased. Once information is transferred, it’s impossible to retract without the cooperation of the organisation or agency concerned – in this case, TikTok.
Can the government actually ban TikTok?
The fact is, enforcing an Australia-wide ban on TikTok isn’t a simple prospect. While the federal government could request the app’s removal from the Apple App Store and Google Play Store, it could only do this for Australian regions and marketplaces.
Users in Australia would still be able to download TikTok from another region’s store, or via a third-party source. Also, banning the app won’t automatically remove it from devices on which it is already installed.
Blocking access to TikTok’s servers would be done in conjunction with internet service providers such as Telstra and Optus, as they can block access to apps and websites. But users could still use proxies or Virtual Private Networks (VPNs) to circumvent these controls.
And even if TikTok was banned, citizen data already handed over would remain stored, and could be accessed for the foreseeable future.
Paul Haskell-Dowland is associate dean of computing and security at Edith Cowan University. James Jin Kang is a lecturer in computing and security at Edith Cowan University. This article first appeared on The Conversation.