According to a bombshell report by Forbes released yesterday, China-owned ByteDance, the parent company of TikTok, planned to use the popular social app to monitor the physical location of specific American citizens. The project was assigned to a team led out of Beijing—and would track the movements and location of targeted Americans without their knowledge or consent.
While it’s been widely reported the cybersecurity and privacy concerns of TikTok—including an attempt by former President Trump to ban the app to US citizens—this is the most explosive report yet.
The team behind the monitoring project is part of ByteDance’s “Internal Audit and Risk Control department”, and is led by Song Ye, located in Beijing. Ye reports direct to ByteDance cofounder and CEO Rubo Liang.
A TikTok spokesperson admits that the app “collects approximate location based on IP addresses ‘among other things’, to help show relevant content and ads to users.” TikTok also claims that it “complies with applicable (local) laws,” and “detects and prevents fraud and inauthentic behavior.”
But Forbes reports that the ByteDance Internal Audit team was, in fact, not using this location information for serving ads or content—and instead, using it to target and track specific Americans, or US citizens.
TikTok also declined to comment if it has ever served different content to US government officials, politicians, activists, or journalists, according to Forbes.
TikTok denies allegations
While Forbes can’t reveal the methods involved in order to protect their sources, TikTok chose not to respond to Forbes’ allegations, at least initially.
But on Friday, October 20, ByteDance formally responded stating that the Forbes report “lacks both rigor and journalistic integrity.”
TikTok claims that Forbes “chose not to include the portion of our statement that disproved the feasibility of its core allegation: TikTok does not collect precise GPS location information from US users, meaning TikTok could not monitor US users in the way the article suggested.”
TikTok also claims that it has never used its app to “target” any members of the US government or other potentially valuable users.
Yet, in July TikTok CEO Shou Zi Chew admitted that “employees outside the US, including China-based employees, can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team.”
Effectively, there is no way to ensure that Tiktok data doesn’t reach back to Chinese servers, employees, or as Forbes suggests—Internal Audit Teams.
Discover more from Cybersecurity Careers Blog
Subscribe to get the latest posts sent to your email.