Lotus Ruan, who has conducted technical analysis of Chinese apps such as WeChat and is currently a senior researcher at Toronto-based research group Citizen Lab, echoes this view: “With the rise of TikTok and Chinese apps going global , (people) are looking at Chinese apps with a magnifying glass.” As a result, the risks are often exaggerated.
The actual differences between these apps and the US apps are very small, says Ruan. In 2021, a technical review of TikTok, conducted by a colleague of Ruan’s, stated that it “did not observe (TikTok or its Chinese version Douyin) collecting contact lists, recording and sending photos, audio, video or geographic coordinates location without the user’s permission. ” (WeChat, on the other hand, was found to monitor conversations even on accounts not registered in China.)
“We tend to securitize everything now,” says Ruan, “It’s important, but we have to be very careful when we apply a national security framework to data.” Concerns about what these apps might do should be based on actual technical research rather than guesswork and innuendo, he says.
Still, journalists and those in policy circles should keep a close eye on how these apps process their data, paying particular attention to whether any user data is transferred back to China.
As Xu tells me, there’s a legitimate national security concern about what happens to US user data when it’s inside China’s borders. China has developed a legal framework to protect personal data, but it focuses on holding private companies accountable, without limiting what kind of data the government receives from companies or what it does with that data.
There are things companies like ByteDance, which owns TikTok, can do to address concerns. For years, ByteDance has vowed to store and process US data only in the US, but there are still reports of company engineers in China improperly accessing US user data. “There are some things they’ve said they’re going to do, but they haven’t. I think that’s the problem,” says Xu. Enforcing this separation of user data – and using third-party audits to prove it has been done – would be a first step.
The political narrative surrounding TikTok as a national security threat may alienate some users—if TikTok isn’t good for government employees, shouldn’t I be concerned and stay away from it? But unless the US government implements a blanket ban on TikTok, I believe many others will continue to use it.
The reality is, at the end of the day, very few American users actively think about which country an app is from. Many people will simply weigh the benefits and risks: are silly videos entertaining enough to justify the risks of exposing their data to companies and potentially state actors?