Lotus Ruan, who has conducted technical analyses of Chinese apps like WeChat and is currently a senior research fellow at the Toronto-based research group Citizen Lab, echoes this view: “With the rise of TikTok and the Chinese apps going global, [people] are looking at the Chinese apps with a magnifying glass.” As a result, the risks are often exaggerated.
The actual differences between these apps and American apps are pretty small, Ruan says. In 2021, a technical review of TikTok, conducted by a colleague of Ruan’s, reported that it “did not observe [TikTok or its Chinese version Douyin] collecting contact lists, recording and sending photos, audio, videos or geolocation coordinates without user permission.” (WeChat, on the other hand, was found to surveil chats even in accounts not registered in China.)
“We have a tendency to securitize everything now,” Ruan says, “It’s important, but we have to be very careful when we apply a national security framework to data.” Concerns about what these apps could have been doing should be built on actual technical research instead of speculation and insinuation, she says.
Even so, journalists and those in policy circles should closely watch how these apps process their data, with particular attention to whether any user data is being transferred back to China.
As Xu tells me, there’s a legitimate national security concern about what happens to US user data once it is inside China’s borders. China has been developing a legal framework for protecting personal data, but it is focused on holding private companies accountable, not restricting what kind of data the government gets from companies or what it does with that data.
There are things companies like ByteDance, which owns TikTok, can do to address the concerns. For years, ByteDance has vowed to store and process US data only in the US, but there are still reports that company engineers in China are inappropriately accessing US user data. “There are a few things they have said they’re going to do, but they haven’t. I think that’s the problem,” Xu says. Enforcing that separation of user data—and using third-party audits to prove that it’s being done—would be a first step.
The political narrative around TikTok as a national security threat may drive away some users—if TikTok is no good for government employees, shouldn’t I be concerned and stay away from it too? But unless the US government implements a comprehensive ban on TikTok, I believe many more are going to keep using it.
The reality is, at the end of the day, very few American users are actively thinking about what country an app originates from. Many people will simply weigh the benefits and risks: are the goofy videos entertaining enough to justify the risks of exposing their data to companies and potentially state actors?