Why would social media app ‘TikTok’ be collecting massive amounts of data on Western users?

TikTok’s massive data collection of it’s users was recently discovered when Jeremy Burge, head of the online emoji directory ‘Emojipedia‘, shared a video showing alerts of data being transferred by TikTok each time he typed a keystroke on his phone, or in other words; TikTok was key-logging user’s messages, according to the video he posted;

[Screencapture video of TikTok keystroke logging in real time – now deleted].

This means that anything you typed on your phone may have been seen by whoever TikTok was sending the data to. The world only came to learn this was happening because of a new security feature in iOS 14 for iPhones that gives users a notification when an app is collecting user data.

Apple had added the new security feature after finding an issue with iOS 14 that let apps secretly access the clipboard of iPhones and iPads. Prior to this users would normally have no way of knowing data was being monitored. Security researchers noted that TikTok appeared to be monitoring data, and a lot more – for anyone familiar with TikTok’s shady history this should come as no surprise.

In October 2019, in a bipartisan move, senators Chuck Schumer and Tom Cotton sent a letter [PDF] to the acting director of national intelligence, Joseph Maguire, to assess TikTok and other Chinese owned content platforms for possible national security risks. They noted that TikTok is owned by Beijing based technology company ByteDance, which runs other content platforms in China, and they stated this in the letter;

TikTok’s terms of service and privacy policies describe how it collects data from its users and their devices, including user content and communications, IP address, location-related data, device identifiers, cookies, metadata, and other sensitive personal information. While the company has stated that TikTok does not operate in China and stores U.S. user data in the U.S., ByteDance is still required to adhere to the laws of China.

Leader Schumer and Senator Cotton’s letter to Acting Director of National Intelligence, Joseph Maguire

They also noted several issues with Chinese tech companies including their adherence to Chinese state censorship, and also wrote;

Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cyber security laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party. Without an independent judiciary to review requests made by the Chinese government for data or other actions, there is no legal mechanism for Chinese companies to appeal if they disagree with a request.

Leader Schumer and Senator Cotton’s letter to Acting Director of National Intelligence, Joseph Maguire

And so what does that mean? Although TikTok itself may or may not be directly involved in espionage, being owned by ByteDance, a Chinese company, means that it has to follow Chinese law – they have no choice otherwise, and part of that law requires that all companies give the Chinese Communist Party access to any data it requests. Under the CCP’s national security law all data needs to be secured and controllable by the Chinese Communist Party.

Now let’s talk about some of the background of this, and some important pieces that a lot of people may have forgotten. So who is behind byteDance, the company that owns TikTok? The founder and CEO of the company is Zhang Yiming.

A statement Yiming issued in 2018 should have been taken as a serious red-flag over the security of TikTok; Zhang was forced to write a public apology letter after being accused of not following the Chinese Communist Party’s guidelines closely enough. He wrote in April 2018 that the problems his company faced emerged from a poor understanding of how to implement the four consciousnesses. This referred to a directive of CCP leader Xi Jinping going back to January 2016. China Media Project described the four consciousnesses as;

  1. political consciousness (政治意识) namely primary consideration of political priorities when addressing issues;
  2. Consciousness of the overall situation (大局意识) or of the overarching priorities of the party and government;
  3. core consciousness (核心意识) meaning to follow and protect Xi Jinping as the leadership core;
  4. integrity consciousness (看齐意识) referring to the need to fall in line with the party.

In other words; these four consciousnesses, these policies that Chinese companies have to abide by, mean that they have to follow the party state, the Chinese Communist Party (CCP), and they cannot deviate from that at any level. Zhang stated in a letter;

I profoundly reflect on the fact that a deep-level cause of the recent problems in my company is: a weak [understanding and implementation of] the “four consciousnesses” [of Xi Jinping]; deficiencies in education on the socialist core values;and deviation from public opinion guidance. All along, we have placed excessive emphasis on the role of technology, and we have not acknowledged that technology must be led by the socialist core value system, broadcasting positive energy, suiting the demands of the era, and respecting convention.

Apology and reflection‘ – Zhang Yiming

Zhang promised to use the platforms he has to broadcast as the mouthpieces of the CCP, and it was shortly after this, after Zhang issued this public apology and stated his promise to more closely follow the CCP and its directives, that TikTok began hitting it big in the United States.

This happened around October 2018, after they merged with US app, music.ly on August 2nd 2018, which had just reached a milestone of 100 million monthly active users. At the time it was considered merely part of ByteDance’s larger strategy to break into the US market.
In the first quarter of 2018, TikTok was the world’s most downloaded iOS app, according to a report from US research firm Sensor Tower.

But the story here goes a lot further than TikTok. This is a broader trend within the Chinese Communist Party and the different companies operating from China. You might remember the CEO behind popular teleconferencing app Zoom, Eric Yuan, who admitted that Zoom was routing US data through servers in China, although he claimed this was done mistakenly.

CEO Eric Yuan, CEO of Zoom
Eric Yuan, CEO of Zoom

The issue with Zoom also followed a pattern seen with other Chinese companies. For example, in June 2019 a huge amount of European mobile device traffic was diverted through systems controlled by China Telecom, which is a state-owned company under the Chinese regime’s China telecommunications Corp.

This followed a similar incident in April 2010 when an estimated 15% of the world’s Internet traffic was again routed through China Telecom networks. In other words they’ve been caught doing this twice now at least. The action was regarded as a form of cyber-attack known as ‘IP hijacking’, yet this was done on a massive, massive scale, again; 15% of global Internet traffic routed through their networks.

Only recently did the Pentagon list China Telecom, along with 19 other Chinese companies, as being backed by the Chinese military. Among the other Chinese companies on the list are China Mobile, Hikvision, and the increasingly infamous Chinese telecommunications company Huawei.

This brings up another important question; what does the Chinese Communist Party want personal data on Americans for? This comes amid other bizarre cases where the FBI revealed that the cyber criminals behind the 2017 breach of credit company Equifax, which stole sensitive personal data from at 145 million Americans, was none other than a group of soldiers in the Chinese military’s ’54 Research Institute’. [Indictment PDF].

54th Research Institute – FBI Most Wanted

Even then, the significance of the 54th Research Institute military branch was vastly overlooked.
Who is the 54th Research Institute? They are listed under the strategic support force of the People’s Liberation Army (PLA), but before the Chinese military was reorganized and they were placed under that branch under Xi Jinping, the military branch was under the General Staff Department – the Fourth Department. The significance of that was that it was the electronics intelligence branch of the Chinese military’s ‘War Fighting Department’.

So what is the personal data of Americans have to do with war fighting? Why would the War Fighting Branch of the Chinese military be stealing the personal data of millions of Americans, and why would the Chinese regime care about seeing the text messages, video conferences, and Internet activities of average Americans? This is where the big picture comes in; The Epoch Times reported going back to February 2016 that the Chinese Communist Party was building a database on all Americans.

You’re on File: Exclusive Inside Story on China’s Database of Americans
There is quite probably a file on you in Beijing

An insider source who was close to the program in China revealed that the CCP was expanding its own systems for high-tech surveillance and monitoring, such as under its Social Credit system, to include Americans as well. According to this insider, the Chinese Communist Party has built the database needed to make use of the massive trove of stolen data.

He said that to create the spy database, the CCP brought in a small group of independent software developers from the United States, who worked alongside Chinese security branches to implement the system.

The Epoch Times

The source at the time requested to have his name withheld in fear of reprisal from the CCP, but other sources confirm this man’s identity and said that he would have access to the kind of information he gave to The Epoch Times. In the past he also provided The Epoch Times of significant information about confidential matters in China, that also proved to be accurate. The new system that he explained was part of a broader shift in the Chinese regime’s efforts for espionage and social control. With that database the CCP is now able to keep tabs on foreigners, in very much the same way that it has kept tabs on its own citizens, their connections, and their political opinions.

He said that Chinese spy agencies finished building that system around July 2013, and the timing of this coincided with the March 2014 incident where Chinese hackers tried and failed to breach the Office of Personnel Management. Now this is something they later did succeed at doing and that exposed the background checks of an estimated 21.5 million US government workers to Chinese spies.

The source for the article, You’re on File: Exclusive Inside Story on China’s Database of Americans, said that one of the leading organizations that was involved with building this project was the ’61 Research Institute’, which is one of the four known institute’s under the Third Department of the General Staff Department. If all of the different departments named with numbers seems confusing – it’s meant to be that way.

The Epoch Times exposed this in a previous investigation; that, again, the ’61 Research Institute’ is one of the leading organizations behind the CCP’s state-run cyber-attacks. The organization itself is led by a man named Maj. Gen. Wang Jianxin. He’s the son of Wang Zheng, who was a pioneer of the Chinese Communist Party’s Signals Intelligence operations under Mao Zedong, founder of the People’s Republic of China.

And now while the 61 Research Institute’s role in the project ties it to global cyber-espionage, the source told The Epoch Times that many other Chinese domestic security branches were also involved in building the system, including various branches of the police, and about six branches of the secret police.

CCP global surveillance database

The function of the system and the departments involved in it suggests that it will be used not only as a database on Chinese people, but also as a system to monitor the foreigners. The source noted that one of its functions would be to gather information on individuals from all available sources in China and outside of China, that can then be used in criminal trials.

The claims from the insider were later substantiated in April 2019 in comments from representative Chris Stewart while he was commenting on the Chinese regime’s breach of the US’s Office of Personnel Management (OPM) stated;

They can run through those 23 million names in a heartbeat and connect dots in a heartbeat”…”have we seen evidence that they’ve done this? absolutely”

The Epoch Times source

So why does that matter? Again, the Chinese Communist Party has been caught on multiple occasions stealing personal information on Americans, and information that notably, they were not apparently using for financial gain, and so if it was not for financial gain, what were they doing it for?

This is why what’s happening with TikTok is something the World should be paying attention to, and now. Were they involved in the CCP’s data collection system? We can’t be sure, but we can say that the Chinese Communist Party has a history of using companies like this for that purpose, and the head of ByteDance himself admitted in his public letter, again, admonishing himself, stating that he would act at the behest of Chinese authorities, apologizing that he had not done enough of that previously, and said that he would do so going forward — right before of the international surge in popularity of TikTok.

The US government has banned federal employees from using the app, including their children, as it has the potential to use any device as ‘eyes and ears’ at any time. Also, the U.S. is now considering banning TikTok nationally, after the app was used to reserve a million ticket’s for President Trump’s Tulsa rally, June 20th, in order to sabotage the event. The story that surfaced was that teens did it as a prank, but other sources hint that may be a cover story for interference from Beijing.

In addition, India recently banned TikTok and 59 other Chinese apps from their entire country.

Is leaving yourself wide open to a murderous regime’s expansionist cyber-warfare tactics really worth cute video clips?

TikTok…time’s up.