Stay Secure: How to Prevent Zero-Click Attacks on Social Platforms


While we have all learned to avoid clicking on suspicious links and to be wary of scammers, this week we were reminded that there is a silent threat out there that we should be aware of: zero-click attacks.

Recent Incidents

As Forbes first reported, TikTok revealed that a few celebrity accounts, including those of CNN and Paris Hilton, were compromised simply by being sent a direct message (DM). Attackers apparently used a zero-day vulnerability in the messaging component to run malware when the message was opened.

The NSA has advised all smartphone users to turn their devices off and back on once a week as protection against zero-click attacks. However, the NSA accepts that this tactic will only occasionally prevent these attacks from succeeding. There are still steps you can take to protect yourself, and security software such as the finest VPNs can assist you.

TikTok’s Vulnerability: A Case Study in Zero-Click Exploits

As the name implies, a zero-click attack or exploit requires no activity from the victim. Malicious software can be installed on the targeted device without the user clicking on any links or downloading any harmful files.

This feature makes these types of attacks extremely difficult to detect, simply because the lack of user interaction greatly reduces the visible signs of hostile activity.

Cybercriminals use unpatched vulnerabilities in software code, known as zero-day vulnerabilities, to carry out zero-click exploits. According to experts at security firm Kaspersky, apps with messaging or voice calling functions are frequent targets because "they are designed to receive and interpret data from untrusted sources", which makes them more vulnerable.

Once a device vulnerability has been properly exploited, hackers can use malware, such as info stealers, to scrape your private data. Worse, they can install spyware in the background, recording all of your activity.

The Silent Threat

This is exactly how the Pegasus spyware attacked so many victims—more than 1,000 people in 50 countries, according to the 2021 joint investigation—without them even knowing it.

The same year, Citizen Lab security experts revealed that nine Bahraini activists' iPhones had been successfully infiltrated with Pegasus spyware using two zero-click iMessage bugs. In 2019, attackers used a WhatsApp zero-day vulnerability to inject malware into communications via a missed call.

As the celebrity TikTok hack story shows, social media platforms are becoming the next popular target. Meta, for example, recently patched a similar vulnerability that could have let attackers take over any Facebook account.

Protective Measures

Stay Updated
  • Regularly update your operating system, apps, and firmware. Patches often address known vulnerabilities.
  • Enable automatic updates to stay protected without manual intervention.
App Store Caution
  • Download apps only from official app stores (e.g., Google Play, Apple App Store). Third-party sources may harbor malicious apps.
  • Remove unused apps to reduce your attack surface.
Multi-Factor Authentication (MFA)
  • Enable MFA for all your accounts, especially social media platforms. Even if an attacker gains access to your password, MFA adds an extra layer of security.
  • Use authenticator apps or hardware tokens instead of SMS-based codes.
Beware of DMs
  • Be cautious when opening DMs, especially from unknown senders.
  • Avoid clicking on links or downloading files unless you’re certain of their legitimacy.
Media Files Scrutiny
  • Treat media files (images, videos, audio) with suspicion.
  • Avoid opening files from untrusted sources, even if they appear harmless.
No Jailbreaking or Rooting
  • Modifying your device’s software (jailbreaking/rooting) weakens security.
  • Stick to the official software to maintain robust defenses.

The Tech Landscape: Rubrik, TikTok, and Early-Stage Startups


The idea that the public markets are not as closed to tech firms as some believed was reinforced by Rubrik's aggressive IPO pricing and the positive response it received from the public markets following its listing. If Rubrik's outcome is insufficient to end the deadlock, perhaps there is another issue at hand.

1. Rubrik’s IPO Triumph

Rubrik, a data management company, recently made waves by going public through an initial public offering (IPO). The reception was nothing short of remarkable, signaling a shift in sentiment toward tech startups. For years, the public markets seemed somewhat closed to these fledgling companies, but Rubrik’s success challenges that notion.

The IPO process is a litmus test for any company. It involves transparency, financial scrutiny, and investor confidence. Rubrik’s strong pricing and positive market response indicate that investors are willing to embrace tech startups, provided they demonstrate robust fundamentals and growth potential.

As Rubrik’s stock ticker symbol blinks across trading screens, it serves as a beacon for other startups eyeing the public markets. The message is clear: If you have a compelling product, a solid business model, and a vision for the future, the IPO route is viable.

2. TikTok’s Regulatory Quandary

TikTok, the viral short-form video platform, has been on a rollercoaster ride. Loved by millions for its entertaining content, it also faces regulatory hurdles. The United States government has demanded that TikTok divest from its parent company or face a ban. This move underscores the geopolitical complexities surrounding tech companies.

Why the scrutiny? TikTok’s Chinese ownership raises concerns about data privacy, national security, and censorship. As the app continues to captivate users globally, governments grapple with how to balance innovation and security. The TikTok saga serves as a cautionary tale for tech companies operating in a globalized world.

For startups, understanding regulatory landscapes is crucial. Navigating legal frameworks, data protection laws, and geopolitical tensions requires strategic foresight. TikTok’s experience highlights the need for transparency, compliance, and proactive engagement with regulators.

3. TechCrunch Early Stage Event

TechCrunch hosted its annual Early Stage event. This gathering brought together startups, investors, and industry experts. The event’s focus? Empowering early-stage companies to thrive.

In Boston, where the event took place, entrepreneurs pitched their ideas, networked, and absorbed insights from seasoned veterans. The buzz around early-stage startups was palpable. Investors scouted for promising ventures, and founders honed their pitches.

Why does this matter? Early-stage support is the lifeblood of innovation. Startups need mentorship, capital, and exposure to flourish.

TikTok Ban: China Criticizes a Proposed Bill in the US Congress

China has criticized a proposed bill in the US Congress that could potentially lead to the banning of TikTok in the United States, labeling it as unfair. This action marks the latest development in a longstanding dispute over safety concerns regarding the popular app, which is owned by a Chinese company. Authorities, politicians, and security personnel in numerous Western nations have already been prohibited from installing TikTok on official devices.

Addressing three major cyber concerns surrounding TikTok, the first revolves around its data collection practices. Critics frequently accuse TikTok of gathering excessive amounts of user data, a claim supported by a cyber-security report published by Internet 2.0, an Australian firm, in July 2022. This report, based on an analysis of TikTok's source code, highlighted what it described as "excessive data harvesting," including details such as location, device specifications, and installed apps. However, contrasting studies suggest that TikTok's data collection practices are not significantly different from other social media platforms, with similar types of data being collected for user behavior tracking.

The second concern focuses on the potential for TikTok to be exploited by the Chinese government for espionage purposes. TikTok asserts its independence and denies providing user data to the Chinese government, emphasizing that such actions would not be entertained if requested. However, critics remain wary due to the app's ownership by ByteDance, a Beijing-based tech company. Allegations raised by former US President Donald Trump in a 2020 executive order suggested that TikTok's data collection could enable China to engage in espionage activities, although concrete evidence supporting these claims remains elusive.

The third concern revolves around the possibility of TikTok being utilized as a tool for "brainwashing" users. TikTok defends its community guidelines, stating that they prohibit misinformation and harmful content. However, concerns have been raised regarding the platform's recommendation algorithm and its potential susceptibility to influence operations. Comparisons with Douyin, TikTok's sister app available only in China, highlight disparities in content censorship. While Douyin reportedly promotes wholesome and educational content, TikTok's approach appears less stringent in terms of political censorship.

Overall, these concerns primarily exist as theoretical risks rather than concrete evidence of wrongdoing. Critics argue that TikTok could potentially serve as a covert instrument during times of conflict, akin to a "Trojan horse." However, decisions to ban TikTok, as seen in India in 2020, or restrict Chinese tech companies like Huawei from participating in 5G infrastructure development, are often based on these theoretical risks rather than tangible evidence. Conversely, China does not face similar concerns regarding US-based apps, as access to such platforms has been blocked for Chinese citizens for several years.

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


With new EU regulations governing digital "gatekeepers" coming into force, Meta has explained how WhatsApp and Messenger will keep providing end-to-end encryption (E2EE) while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users will be able to message people on third-party messaging platforms, provided those platforms also use Signal's underlying encryption protocol.

As Europe's Digital Markets Act is increasingly enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun laying out how they plan to comply and what will happen to end users.

The change was not entirely the result of WhatsApp's own decision. European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden.

With the deadline for WhatsApp interoperability with other apps just a few weeks away, the company is describing its plans. In the first year of the regulation, the requirements cover one-to-one chats and file sharing such as images, videos, or voice messages, with plans to expand these requirements in the coming years to include group chats and calls as well.

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

Meta stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal Protocol.

However, it will accept other protocols if they can be shown to meet these standards. Once another service sends a request for interoperability, Meta has a window of three months in which to enable it. The company warns, however, that the functionality may not be available to the general public immediately.

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption.

Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections

 


In a report issued on Friday, 20 leading technology companies, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon and Adobe, pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections.

According to a press release issued by the 20 companies participating in the event, they are committed to “developing tools to detect and address online distributions of artificial intelligence content that is intended to deceive voters.” 

The companies are also committed to educating voters about the use of artificial intelligence and providing transparency in elections around the world. The head of the Munich Security Conference, which announced the accord, lauded the agreement as a critical step towards improving election integrity, increasing social resilience, and creating trustworthy technology practices.

It is expected that in 2024, over 4 billion people will be eligible to cast ballots in over 40 different countries. A growing number of experts are saying that easy-to-use generative AI tools could potentially be used by bad actors in those campaigns to sway votes and influence those elections.

Using generative artificial intelligence (AI) tools, users can generate images, videos, and audio from simple text prompts. Some of these services do not have the necessary security measures in place to prevent users from creating content that suggests politicians or celebrities said things they never said or did things they never did.

The tech industry "agreement", intended to reduce voter deception regarding candidates, election officials, and the voting process, targets AI-generated images, video, and audio. It does not, however, call for an outright ban on such content.

It should be noted that while the agreement is intended to show unity among platforms with billions of users, it mostly outlines efforts that are already being implemented, such as those designed to identify and label artificial intelligence-generated content already in the pipeline. 

Especially in the upcoming election year, which is going to see millions of people head to the polls in countries all around the world, there is growing concern about how artificial intelligence software could mislead voters and maliciously misrepresent candidates. 

AI appears to have already been used to impersonate President Biden in New Hampshire's January primary, in an attempt to discourage Democrats from voting, and, in Slovakia last September, to purportedly show a leading candidate claiming to have rigged the election, using obviously AI-generated audio.

The agreement, endorsed by a consortium of 20 corporations, encompasses entities involved in the creation and dissemination of AI-generated content, such as OpenAI, Anthropic, and Adobe, among others. Notably, Eleven Labs, whose voice replication technology is suspected to have been utilized in fabricating the false Biden audio, is among the signatories. 

Social media platforms including Meta, TikTok, and X, formerly known as Twitter, have also joined the accord. Nick Clegg, Meta's President of Global Affairs, emphasized the imperative for collective action within the industry, citing the pervasive threat posed by AI. 

The accord delineates a comprehensive set of principles aimed at combating deceptive election-related content, advocating for transparent disclosure of origins and heightened public awareness. Specifically addressing AI-generated audio, video, and imagery, the accord targets content falsifying the appearance, voice, or conduct of political figures, as well as disseminating misinformation about electoral processes. 

Acknowledged as a pivotal stride in fortifying digital communities against detrimental AI content, the accord underscores a collaborative effort complementing individual corporate initiatives. As per the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections," signatories commit to developing and deploying technologies to mitigate risks associated with deceptive AI election content, including the potential utilization of open-source solutions where applicable.

Notably, Adobe, Amazon, Arm, Google, IBM, and Microsoft, alongside others, have lent their support to the accord, as confirmed in the latest statement.

Gaming Giant Nintendo Embraces Passkeys for Enhanced Security and Convenience

 


As passkeys become more widely used as authenticators for a variety of sign-in purposes, the move towards a passwordless future is being driven forward. This authentication method is reportedly coming to Microsoft's Windows 11 operating system, and may also apply to user accounts on Nintendo's game consoles, Twitter accounts, and the device-switching feature of messaging giant WhatsApp, as well as other websites and applications.

Passkeys are a form of passwordless authentication that harnesses fingerprint, face scan, and other biometric techniques to create a stronger foundation for logins. Consumers can now register a passkey with the company and use it on multiple devices to sign in from anywhere.

According to the company, all users who have compatible devices can use the biometric login, especially those who already use biometric logins to access their devices. Passkeys can be used on iOS and Android operating systems; all users need to do is meet the minimum software requirements.

To add a passkey to a Nintendo Account, users visit accounts.nintendo.com from the device they plan to use the passkey on. After logging into their Nintendo Account, they go to the Sign-in and Security settings section > Passwords > Edit, and then follow the instructions.

After that, they select Register a new passkey and follow the steps to complete the setup process on their device. For now, Nintendo does not support passkeys on devices with iOS 16 or later, iPadOS 16 or later, macOS 13 or later, and Android 9 or later. Users can register up to 10 different passkeys for their Nintendo Account.

The Nintendo support page has more information on how to use passkeys and on other passkey-related issues. An increasing number of online services now support passkeys as a more secure alternative to passwords. TikTok has joined the likes of Apple, PayPal, and 1Password in fully supporting the technology this year.

In addition to Google Chrome, Cloud, and Workspace accounts, users can now also sign in directly to their GitHub account with a passkey; GitHub announced its passwordless login method today. Passkeys are a tangible example of Nintendo's commitment to the future of digital authentication. Such advancements must be made in the gaming, technology, and digital security industries as the lines between them continue to blur.

The time has come for all the developers and product managers out there to gear up and dive into the world of passkeys to learn more about them. In the future, it is going to be seamless and secure, and it seems like it can't get any better than that. 

Nintendo now supports passkeys for online account logins. A NintendoSoup team member discovered that the company has been working on integrating passkeys with Nintendo Accounts as part of a recent security enhancement. With this technology used as an additional layer of authentication, the company may be able to enhance the security of its accounts.

If the user registers a passkey with their Nintendo Account, there is an additional layer of security that can protect the account from unauthorized access. To sign in to their account, users have the option of using their passkey instead of their email address or the sign-in ID and password they normally use to sign in. 

According to Nintendo, users' passkeys are stored in advance on their smartphones or other devices, so they need access to that device when they are signing in.

Using passkeys to switch devices in the WhatsApp beta

It was announced recently that WhatsApp has enabled the use of passkeys in its beta channel to facilitate sign-in for its popular messaging app, as part of its ongoing efforts to strengthen security.

When switching devices, or when setting up the app on a new phone, users can sign in using their face or fingerprint biometrics, or with their screen lock password or pattern, according to Android Police.

The feature has been in the works at the Meta-owned app since August, and today the company outlined that it will be available to more users in the next few weeks. WhatsApp also recently added the ability to lock private chats using biometrics.

Users can now register passkeys to their Nintendo Accounts via supported mobile devices, as long as they meet the following requirements:
  • iPhone with iOS 16 or newer
  • iPad with iPadOS 16 or newer
  • Mac computer with macOS 13 or newer
  • Android devices with Android OS 9 or newer

TikTok Faces Massive €345 Million Penalty for Mishandling Kids' Data Privacy

 


TikTok has been fined €345 million (£296 million) for mishandling children's accounts and breaking EU data laws, including failing to shield underage users' content from public view.

The data watchdog in Ireland, which oversees the Chinese video app TikTok across the EU, said the video app had violated multiple GDPR rules in its operation. The investigation found that TikTok had violated GDPR by setting its users' accounts to public by default; failing to give transparent information to child users; allowing a parent viewing a child's account through the "family pairing" option to enable direct messaging for those over 16; and not considering the risks to children who were placed on the platform in a public setting.

Children's personal information was not sufficiently protected by the popular Chinese-owned app because it made their accounts public by default and did not adequately address the risks associated with under-13 users being able to access its platform, according to a decision published by the Irish Data Protection Commission (DPC).

In a statement released on Tuesday, the Irish Data Protection Commission (DPC), the EU's primary regulatory authority for the company, said the company violated eight articles of the GDPR. These articles cover several legal aspects of data processing, from the lawful use of personal data to protecting it from unlawful use.

In most children's accounts, the settings for the profile page were set to public by default, so that everyone could see any content posted there. The Family Pairing feature, intended to allow parents to link to their older child's account and use Direct Messages, allowed any adult to pair up with a child's account.

There was no indication the child could be at risk from this feature. In the process of registering users and posting videos, TikTok did not provide the information it should have to child users and instead resorted to what are known as "dark patterns" to encourage users to choose more privacy-invasive options during their registration process.

According to a DPC decision, the company was fined £12.7m in April after the UK data regulator found TikTok had illegally processed the data of 1.4 million children under the age of 13 who were using its platform without their parents' consent.

Despite being a popular social media platform, TikTok has done "very little or nothing, if anything" to ensure the safety of the platform's users from illicit activity. According to TikTok, the investigation examined the privacy setup the company had between 31 July and 31 December 2020, and it has said that it has addressed all of the issues raised as a result of the investigation.

Since 2021, all new and existing TikTok accounts belonging to 13- to 15-year-olds have been set to private, meaning that only people the user has authorized are able to view their content. Additionally, the DPC pointed out that certain aspects of its decision had been overruled by the European Data Protection Board (EDPB), a body made up of data protection regulators from various EU member states.

The DPC had to include a finding, proposed by the German regulator, that the use of “dark patterns” (the term for deceptive website and app design that leads users to choose certain behaviours or make certain choices) violated the GDPR's provisions for the fair processing of personal data.

According to the Irish privacy regulator, TikTok unlawfully made the accounts of its users aged 13 to 17 public by default between July and December 2020, which effectively meant anyone could watch and comment on the videos those users had posted on their TikTok accounts.

Moreover, the company failed to adequately assess the risks associated with the possibility of users under the age of 13 gaining access to its platform through marketing channels. The report also found that TikTok is still manipulating teenagers who join the platform, using pop-up advertisements that ask them to share their videos and accounts publicly.

A regulator has ordered the company to change these misleading designs, also known as dark patterns, within three months to prevent any further harm to consumers. As early as the second half of 2020, accounts of minors could be linked to unverified accounts of adults. 

It was also reported that the video platform failed to explain to teenagers, before their content and accounts were released to the general public, the consequences of making that content and those accounts public. The board of European regulators also said it had serious doubts about the effectiveness of TikTok's measures to keep under-13 users off its platform in the latter half of 2020.

The EDPB found that TikTok was failing to check the ages of existing users "in a sufficiently systematic manner" and that the mechanisms could be easily circumvented. Because of a lack of information available during the cooperation process, the group said it was unable to find an infringement.

In April, the United Kingdom's data regulator fined the company £12.7 million (€14.8 million) for allowing children under 13 to use the platform and for using their data. The company also received a fine of €750,000 from the Dutch privacy authority in 2021 for failing to provide a privacy policy in the Dutch language, which was meant to protect Dutch children.

China's Access to TikTok User Data Raises Privacy Concerns

A former executive of ByteDance, the parent company of the popular social media platform TikTok, has made shocking claims that China has access to user data from TikTok even in the United States. These allegations have raised concerns about the privacy and security of TikTok users' personal information.

The ex-employee's claims come at a time when TikTok is already under scrutiny due to its ties to China and concerns over data privacy. The United States and other countries have expressed concerns that user data collected by TikTok could be accessed and potentially misused by the Chinese government.

According to the former executive, Chinese Communist Party (CCP) officials have direct access to TikTok's backend systems, which allows them to obtain user data from anywhere in the world, including the US. This access allegedly enables the Chinese government to monitor and potentially exploit user data for various purposes.

These claims have significant implications for the millions of TikTok users worldwide. They raise questions about how well their personal information is secured and protected from unauthorized access or potential misuse. Furthermore, they add to the ongoing debate surrounding the relationship between Chinese tech companies and the Chinese government, and the potential risks associated with data sharing and surveillance.

ByteDance has previously denied allegations that TikTok shares user data with the Chinese government. The company has implemented measures to address privacy concerns, such as establishing data centers outside of China and hiring independent auditors to assess its data security practices.

However, these latest claims by a former executive fuel the skepticism and reinforce the need for transparency and independent verification of TikTok's data handling practices. It also underscores the importance of robust data protection regulations and international cooperation in addressing the challenges posed by global technology platforms.

Regulators and policymakers in various countries have examined TikTok's data privacy practices and explored potential restrictions or bans. These claims may add further impetus to those efforts, potentially leading to stricter regulations and increased scrutiny of TikTok's operations.

The allegations made by the ex-ByteDance executive regarding China's access to TikTok user data in the US have sparked fresh concerns about data privacy and security. As the popularity of TikTok continues to grow, it is crucial for the company to address these claims transparently and take additional steps to reassure users that their data is protected. Meanwhile, governments and regulatory bodies must continue to evaluate and enforce robust privacy regulations to safeguard user information in the era of global technology platforms.

Chinese Government to Ban TikTok Apps From Collecting U.S. Data

 


A spokesperson for TikTok issued a statement today responding to charges that the U.S. Congress was working to advance legislation that would create another avenue for the US president to ban the popular video-sharing application from the country.

Earlier today, the US House Foreign Affairs Committee voted to pass the Deterring America's Technological Adversaries (Data) Act. The bill would roll back protections for creative content from US sanctions, which date back 35 years, to deter technological adversaries from targeting American institutions. As currently drafted, the bill would require the president to issue sweeping sanctions against Chinese companies that transfer personal data related to citizens of the US to organizations or individuals in China or "subject to the influence of China."

Angel Mae Glutz, the owner of The Coven tattoo studio, works in both fine art and tattooing. Most of Glutz's business is promoted on social media platforms, including TikTok. This has helped bring in clients from all over the world and promote her business.

The ongoing battle on Capitol Hill between China-based TikTok and Congress may end up being a distraction for entrepreneurs like Glutz who rely on social media to market their businesses. Earlier this year, the White House banned TikTok's use on government devices and lawmakers are now considering legislation that would limit foreign adversaries' use of communication platforms and technology. 

Recently, many U.S. allies have expressed concerns about the video-sharing platform, most recently warning their staff to delete the app from their phones after the app caused an uproar among European Union institutions. The Netherlands is considering following the lead taken by Germany and Canada.

According to CEO Shou Chew on Tuesday, TikTok now has 150 million monthly active users in the United States, which is a huge increase over the 40 million that the platform had earlier this year, while new calls are being made for its banning in the country. 

Generally speaking, TikTok poses a very low-risk danger to national security. This is insofar as the Chinese government can exercise influence over the app or its parent company, which is not under its control. Under Chinese national security law, companies within its jurisdiction must comply with a wide variety of security activities. This is a serious issue since the public has little or no means to verify that leverage has been used in the way it has been described in the public domain.

A violent border clash between India and China in 2020 caused a TikTok ban in India which in turn caused over 200 million TikTok users to be abruptly disconnected. Following the ban, TikTok has not returned to India. 

The United States, Canada, and the United Kingdom, among others, have recently enacted laws restraining TikTok use on official, government devices. However, they did not ban the app on personal devices. Last year, TikTok was found guilty of a massive data scandal. It was revealed that several employees accessed users' data, including journalists, as part of TikTok's effort to combat leaks in the media and crack down on them. 

These employees were terminated from the company according to the statement. There has been a sharp rise in the number of laws proposed by the U.S. to ban TikTok from the country completely. Other lawmakers have proposed mandating that ByteDance sell the video-sharing platform or ban the app completely.

Imperva Red Team Patches a Privacy Vulnerability in TikTok


The Imperva Red Team recently identified a vulnerability in TikTok that apparently allowed threat actors to monitor users' activity on both mobile and desktop devices.

The vulnerability, which has now been patched, resulted from a window message event handler's failure to properly validate the message's origin, which gave attackers access to users' sensitive data.

PostMessage API 

The PostMessage API (also known as the HTML5 Web Messaging API) is a communication mechanism that permits safe cross-origin communication between windows or iframes inside a web application. The API enables scripts from different origins to exchange messages, overcoming the restrictions of the Same-Origin Policy, which normally limits data sharing between distinct origins on the web.

The API consists of the window.postMessage() method and the message event. The postMessage() method sends a message from the source window to the target window or iframe, while the message event fires on the receiving end when a new message arrives. During the code analysis, the team discovered a script in TikTok's web application that seemed to be involved in user tracking.

The Imperva report states that “the first step in discovering the vulnerability was to identify all the message event handlers in TikTok's web application. This involved a comprehensive analysis of the source code in locating instances where the PostMessage API was being used[…]Once all the message event handlers were identified, we proceeded to carefully read and understand the code for each handler. This allowed us to determine the purpose of each handler and evaluate the security implications of processing untrusted messages.” 

Exploiting the Vulnerability 

Attackers could send harmful messages to the TikTok web application through the PostMessage API by taking advantage of this vulnerability and getting around the security precautions. The malicious message would then be processed by the message event handler as if it were from a reliable source, giving the attacker access to private user data.

The vulnerability was promptly addressed after the Imperva Red Team reported it to TikTok, and Imperva thanked TikTok for its swift action and cooperation. This disclosure should serve as a reminder of the value of adequate message origin validation and the risks of enabling cross-domain communication without the necessary security precautions.
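The class of flaw described above, shown as an added example that is not Imperva's or TikTok's code: three message handlers (no origin check, a substring check, and an exact-match allowlist) are exercised with the same constructed senders to show which origins each one answers. The origins, the "get-activity" message type and all function names are hypothetical.

```javascript
// Added illustration of message-origin validation. The origins, the
// "get-activity" message type and all function names are hypothetical.
const TRUSTED_ORIGINS = new Set(["https://app.example", "https://embed.example"]);

// Data the page would not want to hand to an arbitrary site (constructed).
const sessionState = { userId: "u-1001", lastViewed: ["video-17", "video-42"] };

// 1) No origin check: any window that can reach this one gets an answer.
function handlerNoCheck(event) {
  if (event.data && event.data.type === "get-activity") {
    event.source.postMessage({ type: "activity", payload: sessionState }, "*");
  }
}

// 2) Substring check: looks like validation, but the look-alike origin
//    "https://app.example.untrusted.test" also contains "app.example".
function handlerSubstringCheck(event) {
  if (!String(event.origin).includes("app.example")) return;
  if (event.data && event.data.type === "get-activity") {
    event.source.postMessage({ type: "activity", payload: sessionState }, "*");
  }
}

// 3) Hardened: exact-match allowlist, strict message shape, and a reply
//    addressed to the validated origin instead of "*".
function handlerStrict(event) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return;
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || msg.type !== "get-activity") return;
  event.source.postMessage({ type: "activity", payload: sessionState }, event.origin);
}

// Minimal stand-in for the sender's window so the handlers run under Node.
// Returns every reply the handler sent back to that sender.
function deliver(handler, origin, data) {
  const replies = [];
  const source = {
    postMessage: (message, targetOrigin) => replies.push({ message, targetOrigin }),
  };
  handler({ origin, data, source });
  return replies;
}

// Constructed senders: one trusted, one unrelated, one look-alike, and the
// opaque origin "null" reported by sandboxed iframes and data: URLs.
const SENDERS = [
  "https://app.example",
  "https://untrusted.test",
  "https://app.example.untrusted.test",
  "null",
];

// For each handler, list the sender origins that received session data.
function auditHandlers() {
  const handlers = { handlerNoCheck, handlerSubstringCheck, handlerStrict };
  const report = {};
  for (const [name, handler] of Object.entries(handlers)) {
    report[name] = SENDERS.filter(
      (origin) => deliver(handler, origin, { type: "get-activity" }).length > 0
    );
  }
  return report;
}

// In a browser, the hardened handler is registered like this.
if (typeof window !== "undefined" && typeof window.addEventListener === "function") {
  window.addEventListener("message", handlerStrict);
}

console.log(auditHandlers());
```

The same harness can be pointed at any handler found during a code review: a handler that answers an origin outside the allowlist needs its check tightened.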

The Montana Legislature Banned TikTok

 


A bill introduced in Montana would prevent apps like TikTok from being listed for download on app stores such as Google Play and Apple's App Store. The bill now goes to Republican Governor Gianforte for signature.

TikTok, owned by Chinese investors, continues to be the target of fierce battles. As part of their efforts to address short-form video apps, Montana lawmakers voted on Friday to ban the most popular app from the state. 

Reuters writes that the bill would prevent applications like TikTok from being listed on app stores, like Google Play or Apple's App Store, in Montana. A 54-43 vote in the Montana House of Representatives approved the bill, SB419. If Gianforte signs the bill, it will come into effect in January. Despite the potential for substantial legal challenges, the legislation may still pass.

However, nothing in the bill makes it illegal for people who already have the app to use it, even once the law is enacted. The bill's original version forced internet providers to block TikTok. However, that particular language was removed, and it is not part of the amended bill.

With the passage of the legislation, a state government has taken the first step in restricting TikTok in response to perceived security concerns. A national ban on TikTok seems to be on the cards after some federal lawmakers have called for an end to the app.

The bill targets TikTok. It outlines the potential penalties imposed on the company for each day it violates the law. Penalties would also apply to app stores that violate the law. Users who access TikTok as part of their routine will not be penalized for doing so.

As a result of allegations that TikTok's Chinese owner, ByteDance, places US users' personal information at risk for marketing purposes, the app has come under significant scrutiny from US legislators in recent months. Several congressmen have called for American data sharing with the Chinese government at the federal and state level. Last month, a congressional committee grilled TikTok CEO Shou Zi Chew on the issues widely held by the general public on social media.  

Numerous claims are being made against TikTok, including accusations of data theft, data mining, piracy, and data collection. However, TikTok has repeatedly denied these claims. To gain respect among US legislators, TikTok poured more than $1 billion into establishing a database where American users' data would be archived exclusively on Oracle's servers.

As acknowledged by its champions, the bill's supporters have no practical plans for operationalizing this attempt to censor American voices and therefore have no chance of succeeding. It has also been confirmed by TikTok's spokesperson Brooke Oberwetter that a court will decide whether the bill's constitutionality can stand up in court. Brooke hopes that the government of Montana will continue to abuse the First Amendment to keep TikTok users and creators in Montana from earning a living and protecting their rights under the First Amendment. 

Currently, the bill is being sent to the governor to be signed into law. There is a high probability that Republican governor Greg Gianforte will sign it. He previously banned TikTok from government devices in Montana. Similar executive orders have been enacted by other states to ban the use of the app on devices and networks owned and operated by the government.

Data safety concerns, surveillance by the Chinese government, and the involvement of minors in "dangerous activities" resulting from TikTok use were cited in the bill, which included a claim that minors were cooking chicken in NyQuil and climbing milk crates as dangerous activities. Critics of the app say that these activities were part of a set of challenges that had become popular. 

Because of the links that TikTok's parent company, ByteDance, has with the Chinese government, concern has been widely expressed that the government could access user data from TikTok.

In addition, critics worry that this kind of information could be used by Chinese intelligence agencies or propaganda campaigns for their benefit. It is unclear whether the Chinese government has accessed or used any data related to TikTok's US users to influence them, and there has been no public evidence of this. According to Christopher Wray, Director of the FBI, the FBI does not believe there would be many signs at first glance if this were to happen.

To make TikTok safer and more sustainable, the US government has called on its Chinese owners to spin off TikTok. In the context of its Project Texas initiative, TikTok says it can address national security concerns by installing a "firewall" around US users' data covering a wide area of cyberspace. 

Despite the uncertainty surrounding the future of Montana's legislation, there is still hope for it. TikTok is a member of an industry group called NetChoice, which also has other technology companies in its membership. The group declared Friday that SB419 violates the US Constitution by trying to punish a person without a trial, or so-called "bills of attainder."

It has been alleged by other civil society organizations that SB419 violates Montanans' rights to free expression as well as their access to information under the First Amendment. Earlier this week, the American Civil Liberties Union sent a letter to members of state legislatures in which the organization made the argument that government restrictions on freedom of speech must meet a high constitutional standard. 

As a result of SB 419, Montanans would be better off without a platform where they could speak out freely and exchange ideas daily; this would be censorship. 

According to the letter, if this becomes a law, it will set a dangerous precedent that government bodies will hold excessive control over Montanans’ access to the internet. According to Lynn Greenky, a First Amendment scholar and associate professor of Communication Studies at Syracuse University, the legislation also refers to "dangerous content" and "dangerous challenges" to TikTok phrases, raising an immediate "red flag" that will trigger a more thorough review of the bill. 

The bill sponsor, Shelley Vance, did not immediately respond to a request for comment. Gianforte's spokesperson also did not immediately respond to a question about Gianforte's comments. If the law is passed, the app ban will be implemented before 2024 begins. Several Congressmen are expressing concerns about the app as security concerns rise due to its Chinese owners. As part of the Biden administration's warning issued last month, TikTok's parent company ByteDance, based in China, was told to divest ownership of the service or face a ban by the federal government.

Lemon8 Enters US Top Charts With TikTok Parent

 


ByteDance, TikTok's parent company, has released Lemon8, a social network app. Lemon8 is among this week's top 10 most downloaded apps on the US App Store.

Lemon8 was released in Japan in 2020, and Beijing-based ByteDance brought the app to the US market in February 2023.

Lemon8 has food, beauty, wellness, and travel videos and images you can share. There can be a comparison between it and Pinterest, or it can be described as a mix of both of them. 

During a hearing on March 24th, the US House Energy and Commerce Committee, which oversees energy and commerce in the federal government, questioned TikTok chief executive Shou Zi Chew regarding the short video app's data security policies. 

TikTok has quickly become one of the most popular short-form video apps in the U.S. when it comes to the battle for dominance in social media and short-form video content in the country. TikTok's features have been copied by others, which could give TikTok an edge if banned. 

TikTok-parent ByteDance has launched a social media app named Dots, which topped the charts on Apple's App Store for 3 days running. Despite TikTok being banned by the United States government, it is still available. 

As of April 2020, Lemon8, a social media service created by Meta-owned Instagram that launched globally in March 2020, jumped up to number 10 on the overall top chart in the US App Store. On yesterday's list of the highest-rated apps, excluding games, it was number 9.     

There is no doubt that this fast turnaround from being an unranked app to being No. 9 among the top free apps in the U.S. - ahead of YouTube, WhatsApp, Gmail, and Facebook - is an indication that the app publisher has been pushing hard to acquire millions of users in recent weeks and months. Third-party analysts do not currently have any precise data about Lemon8's installs in the U.S., because the app is so new to the App Store's Top Charts. For the same reason, they also do not know how Lemon8's installs have changed over the past few days.

Lemon8 is pitched as a "lifestyle community" app aimed at younger audiences, a content-sharing platform with an emphasis on video content. "The content displayed here is of the highest quality, authentic, and diverse, which is exactly what you will find here." The App Store page describes it as "A destination for sharing, discovering, and collaborating."

As ByteDance is facing tough regulatory turbulence in the West, some governments are imposing bans on its flagship TikTok app from official devices such as iPads and iPhones as a consequence of its recent surge in popularity. A few of these countries include the United Kingdom, the United States, Canada, and the European Union. 

As a result of the U.S. ban on TikTok, other social media platforms and video platforms could benefit as well. These platforms include Snapchat Inc. (NYSE: SNAP), YouTube, and Meta Platforms Inc.'s Facebook and Instagram. Several Chinese mobile apps were downloaded in the U.S. during the first three weeks of March. Temu, an online marketplace for the U.S. owned and operated by Chinese e-commerce company Pinduoduo Inc (NASDAQ: PDD), ranks at the top of the list. Several ads featuring Temu aired in February before the Super Bowl.

Deepwater Asset Management Managing Partner Gene Munster recently emphasized that two items should be considered in the discussion when evaluating the possibility of banning TikTok. Munster said there is increased tension between the U.S. and China due to the ban discussion. As a result, the nation's youth could be endangered by platforms like TikTok, which allow for the production of short-form visual content.

According to Munster, it has become a hot-button issue for some to investigate the impacts of short-form videos on mental health. 

Despite Munster's suggestion that companies such as Meta Platforms might benefit from a ban on TikTok, these companies may face pressure from Congress if a ban is enacted. This is due to TikTok's immense popularity in the long run. 

The company's chief executive officer, Gene Munster, warned that Snap and Meta Platforms, as well as its stock, may experience regulatory hurdles within the next few months as a result of upcoming regulatory changes. There is an effort in some states to limit how much time teenagers spend on social media and video apps as a result of the growing usage of these apps. 

Pleading TikTok to "Think of the Children" Misses the Point


In nearly every congressional hearing on big tech, be it on privacy, monopoly, or, in the case of last week’s TikTok hearing, national security, at least one lawmaker voices a concern along the lines of “But think of the kids!”

In a recent hearing, a number of officials, including New Jersey Democrat Frank Melone, cited studies demonstrating that TikTok disseminates offensive material to children and teenagers. The site sends content about self-harm and eating disorders to children and young people every 2.6 minutes, or every eight minutes, according to a new study from the Center for Countering Digital Hate. The concern is furthered by the fact that TikTok is a popular platform choice among young users. According to a 2022 Pew Research Survey, the app was utilized by 67 percent of the teens polled, followed by YouTube.

Callum Hood, research director at the Center for Countering Digital Hate, said in a press statement “Without legally mandated security through design, transparency, and accountability, the algorithm will continue to put vulnerable users at risk.” 

However, Shou Zi Chew, CEO of TikTok, noted that these are issues that almost all major social media platforms have faced in recent years. These concerns are echoes of complaints that Meta has made in the past, particularly in connection to Instagram.

Commenting on how harmful a platform could be to children often seems more of an attention-seeking tactic, highlighting some of the most common worries that American parents have. What kind of monster would not want to ensure that children are protected from exploitation and hazardous content? The attention paid to young users also presents one of the few open doors for bipartisan collaboration.

But only a day before Chew was scheduled to testify before Congress, another gunshot forced students at Denver East High School to flee their classrooms. A pandemic-era program that provided free school meals to all children was phased out earlier this year in favor of a system based on income, which will put more obstacles in the way of the kids who need it the most. Due in large part to entrenched problems with economic inequality and a deteriorating social safety net, about one-third of children in the US live in poverty.

Children are impacted by things like a lack of gun safety regulations and a lack of funding for social or educational initiatives, but these concerns frequently result in impasses in legislative and policymaking processes. Moreover, pleading with lawmakers to "think about the children" rarely has an impact. When it comes to Big Tech, the focus on "the kids" frequently oversimplifies and diverts attention from the more delicate issues of privacy, widespread data collection, the outsized power of certain companies to dominate smaller competitors, and the transnational nature of extremist content and misinformation. Instead, we need to ask deeper questions: How long should companies be able to keep data? What should it be used for? Can private companies that want to educate the next generation of consumers ever be incentivized to set time limits or restrict access to content for young users? Overall, how do our systems allow damage? 

There are ways to bring concerns about children's well-being to light and practically protect them, although they rarely find favor in Congress. While officials may express concerns about how TikTok in the US differs from its Chinese counterpart, Douyin, in terms of the experience for young users, little has changed in legislation to address the online harms experienced by US children in the five years since the Tide Pod challenge or even the 18 months since Frances Haugen first testified before Congress, despite her frequent appearances on television hearings.

In regard to these cases, Senators Edward J. Markey and Bill Cassidy are proposing a bipartisan bill for 2021 that would prohibit internet companies from gathering user data from users between the ages of 13 and 15 and establish a juvenile marketing and privacy branch at the Federal Trade Commission. However, the bill is yet to be voted on in the Senate.  

Cerebral Admits to Revealing Patient Information to Meta, TikTok, and Google

 

As per TechCrunch, Cerebral, a telehealth startup specialising in mental health, inadvertently shared sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers. Cerebral admits to exposing a slew of patient data with the tracking tools it's been using since October 2019 in a notice posted on the company's website. 

Patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment, and other information are all impacted by the oversight. It is possible that the answers clients provided as part of the mental health self-assessment were exposed on the company's website and app, which patients can use to schedule therapy appointments and receive prescription medication.

Cerebral claims that this data was gathered through the use of tracking pixels, which are pieces of code that Meta, TikTok, and Google allow developers to embed in their apps and websites. For example, the Meta Pixel can gather information about a user's activity on a website or app after clicking an ad on the platform, and it can even keep track of the information a user fills out on an online form. While this allows companies like Cerebral to track how users interact with their ads on various platforms and the actions they take as a result, it also gives Meta, TikTok, and Google access to this data, which they can then use to gain insight into their own users.

Cerebral notes that the exposed information may "vary" from patient to patient depending on a variety of factors such as "what actions individuals took on Cerebral's Platforms, the nature of the services provided by the Subcontractors, the configuration of Tracking Technologies," and more. The company says it will notify affected users and that "regardless of how an individual interacted with Cerebral's platform," no social security numbers, credit card numbers, or bank account information were exposed.

Cerebral says it has "disabled, reconfigured, and/or removed" any tracking pixels on the platform to prevent future exposures and has "enhanced" its "information security policies and technology vetting processes" since discovering the security hole in January.
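A check a site owner could run before or after removing trackers, added here as an example that is not Cerebral's code: it inventories the third-party hosts a page's markup loads and lists the user-entered form fields that sit on the same page. The first-party domain, tracker hostnames, sample markup and function names are all constructed for illustration.

```javascript
// Added illustration: inventory of third-party resources on a page that
// collects sensitive form data. Hostnames, markup and names are constructed.
const FIRST_PARTY_DOMAIN = "clinic.example";

// Constructed sample page: an intake form plus two embedded trackers.
const SAMPLE_PAGE = `
<html><body>
  <script src="/static/app.js"></script>
  <script src="https://cdn.clinic.example/forms.js"></script>
  <script async src="https://pixel.adnetwork.test/events.js"></script>
  <form action="/assessment" method="post">
    <input name="email" type="email">
    <input name="phq9_q1" type="radio" value="2">
    <input name="csrf" type="hidden" value="x">
  </form>
  <img height="1" width="1" src="https://track.social.test/tr?id=123&ev=PageView">
  <iframe src="https://video.clinic.example/intro"></iframe>
</body></html>`;

// A host is first-party if it is the site's domain or one of its subdomains.
function isFirstParty(hostname) {
  return hostname === FIRST_PARTY_DOMAIN || hostname.endsWith("." + FIRST_PARTY_DOMAIN);
}

// Static scan of the markup: which external hosts does the page load from,
// and which user-entered fields are present alongside them?
function auditPage(html, pageUrl) {
  const resources = [];
  const tagRe = /<(script|img|iframe)\b[^>]*?\ssrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(tagRe)) {
    const url = new URL(m[2], pageUrl); // resolves relative paths against the page
    resources.push({ tag: m[1].toLowerCase(), host: url.hostname, url: url.href });
  }
  const thirdParty = resources.filter((r) => !isFirstParty(r.host));

  const userFields = [];
  const fieldRe = /<(input|select|textarea)\b([^>]*)>/gi;
  for (const m of html.matchAll(fieldRe)) {
    const type = (/\btype\s*=\s*["']?([\w-]+)/i.exec(m[2]) || [])[1] || "text";
    const name = (/\bname\s*=\s*["']?([\w-]+)/i.exec(m[2]) || [])[1];
    // Hidden fields are set by the site, not typed by the visitor.
    if (name && type.toLowerCase() !== "hidden") userFields.push(name);
  }

  return {
    thirdParty,
    thirdPartyHosts: [...new Set(thirdParty.map((r) => r.host))].sort(),
    userFields,
    // Third-party code or beacons on a page where visitors enter data.
    exposure: thirdParty.length > 0 && userFields.length > 0,
  };
}

console.log(auditPage(SAMPLE_PAGE, "https://www.clinic.example/assessment"));
```

This scan only sees tags present in the delivered markup; trackers injected at runtime by another script need a check of the browser's actual network requests.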

Cerebral is required by law to report potential HIPAA violations. HIPAA stands for Health Insurance Portability and Accountability Act. This prohibits healthcare providers from disclosing patient information to anyone other than the patient or anyone the patient has given permission to receive health information. The US Office for Civil Rights is currently investigating the breach, which follows similar incidents involving pixel-tracking tools.

An investigation by The Markup last year discovered that some of the nation's top hospitals were sending sensitive patient information to Meta via the company's pixel. Two class-action lawsuits were filed, alleging that Meta and the hospitals in question violated medical privacy laws.

The Markup discovered months later that Meta was able to obtain financial information about users via tracking tools embedded in popular tax services such as H&R Block, TaxAct, and TaxSlayer. Meanwhile, other online medical companies, such as BetterHelp and GoodRx, were fined by the FTC earlier this year for sharing sensitive patient data with third parties.

Cerebral is being investigated by the Department of Justice and the Drug Enforcement Administration for prescribing controlled substances such as Adderall and Xanax, in addition to whether or not it violated HIPAA regulations. It has since stopped prescribing these medications.

Expert Suggested Ban on TikTok for Government-issued Phones in Australia

The Australian government recently decided to stop their employees from using TikTok, which is an app that lets people make and share short videos. The government is worried that the company that owns TikTok has connections to the Chinese government and that the Chinese government could get access to information about TikTok users. 

Following the action, some experts think that it is a good idea to ban TikTok, and they also think other social media apps should be banned too. Furthermore, an increasing number of government agencies in Australia are taking action to prohibit the use of the widely-used ByteDance app. 

This is due to heightened security concerns surrounding the app's connection to China, prompting worries about potential risks and threats to national security. 

“I don’t think it’s as simple as TikTok – bad; American companies – good, I think they’re all bad,” Professor Vanessa Teague, a cybersecurity researcher at the Australian National University, said.

The Canberra Times newspaper has reported that almost half of the government agencies in Australia have stopped their employees from using TikTok on devices owned by the government. 

Teague mentioned that although Apple and Google offer users more control over what data they share with social media apps, these apps can still gather a significant amount of information on their users.

“It’s all well and good to turn off location permission, but if you then upload a photo or a video that has your GPS coordinates … then you told them where you are, so it’s better but it doesn’t completely solve the problem…,” Teague said. “…I don’t actually think they’re really solving the problem unless they’re solving the problem of Australians’ privacy and security, which would mean strong privacy laws, better education, encouragement of end-to-end encryption, and an end to this nonsense that encryption is only for paedophiles.”

Although many people are mainly worried about TikTok, the Department of Home Affairs is looking at all social media apps to see if they are safe to use or not. The home affairs minister has asked for this review, and the report will be ready in the first three months of this year. 

Here are the Countries That Have Imposed TikTok Ban


This week, the U.S. and Canada issued orders to ban the use of TikTok on state-issued gadgets, following rising cybersecurity concerns over the video-sharing app.

Bytedance, the Chinese company that owns TikTok, has long insisted that it does not exchange data with the Chinese government and that it does not store any of its data there. 

The company maintains that the app is independently managed and refutes claims that it collects more user data than other social media sites. However, many countries have erred on the side of caution when it comes to the platform and its ties to China.

We are listing the countries and regions that have either imposed a partial or a complete ban on TikTok: 

INDIA 

India imposed a ban on TikTok along with several other Chinese apps like messaging app WeChat in 2020, following concerns over user privacy and cybersecurity. 

The ban was implemented shortly after a clash between Indian and Chinese troops in a military dispute on the Himalayan border, which resulted in the death of 20 Indian soldiers and injured dozens. The corporations were given the chance to respond to inquiries about privacy and security requirements, but the ban was rendered permanent in January 2021. 

TAIWAN 

Following a warning issued by the FBI that TikTok presented a threat to national security, Taiwan banned the app from the public sector in December 2022. Chinese-made software, including apps like TikTok, its Chinese version Douyin, or Xiaohongshu, a Chinese lifestyle content app, is not permitted to be used on government equipment, including smartphones, tablets, and desktop computers. 

UNITED STATES 

This week, the US announced that the government authorities have 30 days to delete TikTok from federal devices and systems. The ban is applicable only to state-owned devices. China reacted angrily to the American decision to block TikTok, accusing the United States of abusing its power and stifling foreign companies. 

Also, the software is prohibited from being used on official devices in more than half of the 50 U.S. states. 

CANADA 

Following the announcement made by the US, Canada announced on Monday that government-issued devices must not use TikTok, noting that the app could put the devices’ privacy and security at stake. In the future, employees may also be restricted from downloading the application.

EUROPEAN UNION 

TikTok has been banned on employee devices by the European Parliament, European Commission, and EU Council, three of the major EU organizations. The embargo imposed by the European Parliament becomes effective on March 20. It has been advised to lawmakers and staff to uninstall the app from their personal devices. 

PAKISTAN 

Since October 2020, Pakistani authorities have briefly banned TikTok at least four times due to worries that the app encourages immoral content. 

AFGHANISTAN 

In 2022, the Taliban leadership in Afghanistan outlawed TikTok and the Chinese game PUBG, citing the need to prevent children from "being misled."  

What Are Some Big Cyber-Security Fears Concerning TikTok?


China claims that the US has inflated national security concerns over TikTok in an effort to suppress the Chinese startup. Due to concerns over cyber-security, US federal entities have been asked to remove the Chinese app from all staff devices within 30 days. Canada and the EU have taken similar actions, and some politicians have called for nationwide bans. 

TikTok executives, who successfully escaped having their popular app banned in the US by then-president Donald Trump in 2020, had to deal with a barrage of inquiries every day about the dangers TikTok presented to cyber security. The topic was largely put to rest in 2021 when President Joe Biden overturned Trump's proposal due to various complicated legal challenges. 

One could almost hear a sigh of relief from both TikTok and the millions of influencers who rely on the social media app to make a career. 

But now, in an ironic nod to the video app's recognizable looping style, we have come full circle, with the stakes even higher now.

Nearly three years prior to Trump's planned ban, TikTok had been downloaded 800 million times worldwide. As of now, 3.5 billion people have downloaded it, according to app analytics company Sensor Tower. 

With geopolitical strain rising between China and Western countries, it is clear that the future of TikTok is more at risk than ever.

We are listing some of the prime cyber-security concerns pertaining to TikTok that are continually raised, and how the company addresses them: 

1. TikTok Collects an ‘Excessive’ Amount of Data 

TikTok's critics frequently claim that it collects vast amounts of data. A cyber-security assessment published in July 2022 by Internet 2.0, an Australian cyber business, is commonly cited as proof.

Researchers examined the source code of the app and found evidence of "excessive data harvesting" within it. According to analysts, TikTok gathers information about users' locations, the devices they are using, and the other apps they have installed. 

However, a similar test conducted by Citizen Lab concluded that "in comparison to other popular social media platforms, TikTok collects similar types of data to track user behavior."

Likewise, a report by the Georgia Institute of Technology in January states: "The key fact here is that most other social media and mobile apps do the same things."

2. TikTok Could be Used as a ‘Brain-washing’ Tool 

TikTok's spokeswoman said: "Our community guidelines prohibit misinformation that could cause harm to our community or the larger public, which includes engaging in co-ordinated inauthentic behavior." 

In November 2022, FBI Director Christopher Wray told US lawmakers: "The Chinese government could… control the recommendation algorithm, which could be used for influence operations."

Douyin, a sibling app to TikTok that is exclusively available in China, is heavily censored and purportedly designed to encourage the viral spread of positive and wholesome content, which adds fuel to those worries. 

In fact, all social networking sites in China are closely monitored by an army of internet police, who apparently take down content that criticizes the government or instigates political unrest. 

As TikTok gained popularity, there were high-profile instances of censorship on the app. For example, a user in the US had her account suspended for denouncing Beijing's treatment of Muslims in Xinjiang; following a ferocious public outcry, TikTok issued an apology and restored the account. 

Since then, there have not been many instances of censorship, aside from the contentious moderation choices that all platforms must make. 

However, when comparing TikTok and Douyin, Citizen Lab researchers concluded that the latter does not involve any political censorship.

The Georgia Institute of Technology analysts also looked for jokes about Chinese Premier Xi Jinping and issues like Taiwan's independence. They came to the following conclusion: "Videos in all of these categories can easily be found on TikTok. Many are popular and widely shared."

Theoretical Risk 

This leaves a picture made up of theoretical fears and risks.

Certain critics deem TikTok a “Trojan horse,” meaning that although it may look harmless, it could potentially be used as a powerful weapon in times of conflict.

The app is already banned in India, which took action against it and dozens of other Chinese platforms in 2020.

Nonetheless, a US ban on TikTok might have a significant effect on the site since allies of the US frequently support such measures. 

Moreover, it is worth mentioning that these risks are a one-way street. Because access to US apps has long been restricted for Chinese individuals, China need not be concerned about US apps.

Apple and Google are Under Rising Pressure to Remove TikTok From App Stores

 

In a letter to Apple and Google CEOs Tim Cook and Sundar Pichai on Thursday, Sen. Michael Bennet (D-CO) demanded that TikTok be removed "immediately" from their app stores. Bennet's push to limit app downloads is the latest in a string of congressional actions to outlaw the embattled Chinese-owned app. Republicans and Democrats have been calling on their colleagues and Biden administration officials to impose stricter data collection restrictions or a nationwide ban on the app since January, citing potential threats to US national security. 

“TikTok’s vast influence and aggressive data collection pose a specific threat to US national security because of its parent company’s obligations under Chinese law,” Bennet wrote. “Given these grave and growing concerns, I ask that you remove TikTok from your respective app stores immediately.”

Bennet, a member of the Senate Intelligence Committee, is the first lawmaker to contact app store providers such as Apple and Google and request that TikTok be removed. TikTok has been in talks with the federal government, specifically the Committee on Foreign Investment in the United States (CFIUS), for more than three years in order to continue operating its app in the United States. TikTok has come under increasing scrutiny from lawmakers who are concerned that the app may share US user data with the Chinese government. 

TikTok CEO Shou Zi Chew described "Project Texas," the company's plan to move all data from Virginia and Singapore to US-based Oracle servers overseen by a new subsidiary known as TikTok US Data Security Inc., in a rare public interview at last year's New York Times DealBook summit.

Despite these efforts, public pressure to ban the app has grown in response to revelations that ByteDance employees have repeatedly accessed the data of US users over the last few years.

Forbes reported in December that ByteDance employees improperly obtained data collected from US users. At least two reporters' data was viewed by ByteDance employees who were looking into previous leaks of internal company documents. ByteDance confirmed the reports and stated that all four employees involved in the scheme, two of whom worked in China, had been fired.

TikTok and CFIUS have yet to reach an agreement to keep the app operational in the United States. The Wall Street Journal reported last month that talks between the two parties had stalled, postponing any expected deal. With TikTok's future uncertain, lawmakers have begun to pursue their own solutions. Chew was scheduled to appear at a House Energy and Commerce Committee hearing on US user safety and security earlier this week.

“Big Tech has increasingly become a destructive force in American Society,” chair Cathy McMorris Rodgers (R-WA) said in a statement Monday. “Bytedance-owned TikTok has knowingly allowed the ability for the Chinese Communist Party to access American user data.”

TikTok spokesperson Brooke Oberwetter welcomed "the opportunity to set the record straight" in response to Monday's hearing announcement. Oberwetter stated that, during the March 23rd hearing, TikTok intends to discuss its "comprehensive plans" to protect US user safety.

Unlike Google, Apple has a lot to lose in terms of its relationships with both the United States and China. Cook's ability to maintain working relationships with the Chinese government and manufacturers has contributed significantly to Apple's success.