Nir Kshetri, University of North Carolina - Greensboro
A growing number of public schools and colleges in the U.S. are moving to ban TikTok - the popular Chinese-owned social media app that allows users to share short videos.
They are following the lead of the federal government and several states, that are banishing the social media app because authorities believe foreign governments - specifically China - could use the app to spy on Americans.
The app is created by ByteDance, which is based in China and has ties to the Chinese government.
The University of Oklahoma, Auburn University in Alabama and 26 public universities and colleges in Georgia have banned the app from campus Wi-Fi networks. Montana's governor has asked the state's university system to ban it.
Some K-12 schools have also blocked the app. Public schools in Virginia's Stafford, Prince William and Loudoun counties have banned TikTok on school-issued devices and schools' Wi-Fi networks. Louisiana's state superintendent of education recommended that schools in the state remove the app from public devices and block it on school-issued devices.
As a researcher who specializes in cybersecurity, I don't believe these schools are overreacting. TikTok captures user data in a way that is more aggressive than other apps.
The version of TikTok that is raising all these concerns is not available in China itself. In an effort to protect Chinese students from the harmful effects of social media, the Chinese Communist Party has issued a rule that limits the time students can spend on TikTok to 40 minutes a day. And they can view only videos with a patriotic theme or educational content such as science experiments and museum exhibits.
Aggressive tactics to capture and harvest user data
All major social media platforms raise privacy concerns and include security risks for users.
But TikTok does more than the rest. Its default privacy settings allow the app to collect much more information than the app needs to actually function.
Every hour, the app accesses users' contact lists and calendars. It also collects the location of devices used to access the service and can scan hard drives attached to any of those devices.
If a user changes privacy settings to avoid that scrutiny, the app persistently asks for that permission to be restored. Other social networking apps, like Facebook, don't ask users to revise their privacy settings if they lock down their information.
How TikTok handles the data it collects from users also raises concerns. Ireland's data protection regulator, for instance, is investigating possible illegal transfers of European citizens' data to Chinese servers and potential violations of rules protecting children's privacy.
As with other social media services, researchers have found serious vulnerabilities with TikTok.
In 2020, cybersecurity company Check Point found that it could send users messages that looked as if they came from TikTok but actually contained malicious links. When users clicked on those links, Check Point's researchers could seize control of their TikTok accounts, get access to private information, delete existing content and even post new material under that user's account.
Hackers have also taken advantage of viral TikTok trends to distribute malicious software that creates additional cybersecurity problems. For instance, a trend called the "Invisible Challenge" encouraged users to use a TikTok filter called "Invisible Body" to film themselves naked - assuring users their followers would only see a blurry image, not anything revealing.
Cybercriminals created TikTok videos that claimed they had made software that would reveal users' nude bodies by reversing the body-masking filter. But the software they encouraged users to download actually just stole people's social media, credit card and cryptocurrency credentials from elsewhere on their phones, as well as files from victims' computers.
National security concerns
Many U.S. lawmakers have objected to the app's location tracking services, saying it could allow the Chinese government to monitor the movements and locations of U.S. citizens - including members of the military or government officials.
If the Chinese government wants information about the more than 90 million TikTok users, it does not need to hack anything.
That's because China's 2017 National Intelligence Law requires Chinese companies to share any data they collect if the government asks.
Technology industry observers have also raised concerns that ByteDance, the company that makes TikTok, may be partially owned by the Chinese government.
These problems take on even more importance in the context of the Chinese government's alleged efforts to build a huge "data lake" of information about all Americans. China has been linked to several large-scale cyberattacks targeting federal employees and U.S. consumers. These attacks include the 2015 hack of the U.S. Office of Personnel Management, 2017 attacks on the consumer credit reporting agency Equifax and the 2018 attack on hotel group Marriott International.
Negative effects outweighing positive ones?
Teachers and school administrators have used TikTok in some interesting, and useful, ways - such as connecting with students, building relationships, teaching about the risks of social media and delivering small, quick lessons.
But it is not clear whether those positive effects counterbalance the potential and actual harm. In addition to general concerns about the possible risks of social media addictions, some school officials say increased TikTok use has distracted students from paying attention to teachers.
Also, the app's algorithm for recommending videos to watch next has increased students' risk of suicide and eating disorders. The "One Chip Challenge," which asks TikTok users to eat a single chip containing two of the world's spiciest chili peppers, sent some students to the hospital and made others sick.
TikTok videos have also led students to engage in vandalism. In response to one viral challenge, some students stole bathroom sinks and soap dispensers from schools.
With all that potential for harm and damage, it's not surprising school officials are considering a ban on TikTok.
Nir Kshetri, Professor of Management, University of North Carolina - Greensboro
This article is republished from The Conversation under a Creative Commons license. Read the original article.