Already a subscriber? Log in
- Unparalleled business coverage of the Iowa City / Cedar Rapids corridor.
- Immediate access to subscriber-only content on our website.
- 26 issues per year delivered digitally, in print or both.
- Support locally owned and operated journalism.
One of Iowa’s largest cybersecurity firms is recommending users to uninstall TikTok, following a directive from Governor Kim Reynolds to ban the app on all state-owned devices. In a statewide flash briefing Dec. 15, ProCircular will advise clients to remove the app, citing a potential threat to millions of citizens. “The dangers the government and organizations face when using TikTok include location tracking, loss of sensitive intellectual property, proprietary commercial secrets and personal data,” said Nic Stevens, director of incident response at ProCircular, in an email. In addition to location tracking and loss of sensitive information, private citizens can be easily susceptible to long-term information collection and influence campaigns, as well as the targeting of the younger demographic, he said. A report from the Center for Countering Digital Hate (CCDH) found some users — in the study posing as teenagers interested in content about body image and mental health — are shown harmful videos within minutes of downloading the app. This includes videos promoting self-harm and eating disorders. “On a technical level, users are forced to open links and content using the in-app browser for most third-party content (which can collect all keyboard inputs on the third-party websites),” Mr. Stevens said. “Other social media platforms allow easy access to content and links using the default browser, which prevents the application from tracking your activity and content.” TikTok can access all keyboard inputs that are utilized in the in-app browser. These inputs include passwords, credit card information and more, said Felix Krause, a security researcher and creator of fastlane tools. The app also has access to data such as device brand and model, Operating System version, mobile carrier, browsing history, app and file names, wireless connections and Personally Identifiable Information (PII). This includes age, image, personal contacts and relationship status, according to the Center for Internet Security. The Children’s Online Privacy Protection Rule of 1998 requires that apps cannot obtain the PII of children under 13 years of age without obtaining parental consent. It’s likely TikTok violates this standard, cybersecurity experts say. Lawsuits also allege TikTok collects biometric data like facial geometry, voice recognition and fingerprints through microphone and camera access. Cybersecurity firms like ProCircular, and now government officials, worry the Chinese-owned app has over-reaching permissions and user data collection and tracking, Mr. Stevens explained. "The risk is greater than other social media apps," he said. The governor’s directive also prohibits state agencies from subscribing to or owning a TikTok account on their personal devices. “It is clear that TikTok represents a national security risk to our country and I refuse to subject the citizens of Iowa to that risk,” said Ms. Reynolds in a statement on Dec. 13. “The safety of Iowans is my number one priority and that includes their cybersecurity.” Concerns surrounding TikTok stretch back as far as August 2020 when President Trump signed an executive order banning use of TikTok, as reported by NPR. President Biden revoked the executive order in June 2021, effectively ending any chance of Oracle and Walmart owning the U.S. entity of the service, BBC reported. On Dec. 14, the U.S. Senate passed bipartisan legislation banning TikTok from governmental devices. When asked if there are precautionary measures that businesses can take to protect themselves without deleting the app, Mr. Stevens said he is “not aware of any way to fully protect your data and activity while using TikTok.”