TikTok remains evasive on the data it collects
The company's COO was pressed by members of the Senate to answer questions about the app's security.
TikTok’s relationship with ByteDance, its Chinese parent company, has long been an issue for the US government. Former President Donald Trump attempted to force ByteDance to sell the popular social media app to an American company in 2020, though it never happened. According to The New York Times, President Biden has been negotiating with TikTok in private over “steps that could mitigate the government’s concerns.” Apparently though, his efforts aren’t sufficient for TikTok skeptics.
In an effort to allay concerns over how it handled data, in June this year, TikTok announced that all US traffic was now being routed through American computer company Oracle’s cloud infrastructure. Some user data is still backed up to TikTok-owned servers in Singapore and Virginia for now, but the company says that it plans to delete them in the future.
That same day, however, BuzzFeed News released a report detailing how “engineers in China had access to US data between September 2021 and January 2022, at the very least.” In one recording seen by BuzzFeed News, a director called one Beijing-based engineer a “Master Admin” with “access to everything.” Whether traffic was being routed through the US or not, ByteDance employees in the PRC seemingly had access to it, at least for a time.
According to TechCrunch, Senator Kyrsten Sinema of Arizona asked Pappas, TikTok’s COO, if biometric data from US users had “ever been accessed by or provided to any person located in China,” and if doing so was possible. Pappas avoided giving a direct answer, instead, according to TechCrunch, she explained that Tiktok didn’t use “any sort of facial, voice or audio, or body recognition that would identify an individual.”
Pappas apparently elaborated, explaining that what TikTok called “biometric” data was only used to apply filters—like the ones that add sunglasses or dog ears to your videos—and was deleted from the user’s device immediately afterwards.
This would seem to suggest that engineers in China would be unable to access the data as it doesn’t exist, however Pappas did not state that directly.
As well as facing questions about biometric data handling, Pappas was also asked about reports that TikTok’s in-app browser could log keystrokes. She responded by saying that TikTok had not collected the contents of what was typed, and that it had been used as “an anti-spam measure.”
Whether Pappas’ responses at yesterday’s hearing are enough to satisfy US lawmakers remains to be seen. The company, meanwhile, appears to be carrying on business as usual. Today, TikTok announced a new feature that it’s rolling out to users called “Now,” which allows them to capture moments with both the front and back camera (a hallmark of the up and coming app, BeReal).
According to Bloomberg, the national security review of TikTok is still ongoing, and despite the fact that it paints itself as a global company, it is still very much owned by ByteDance.