TikTok – “It won’t make your day!”

Strewn throughout my cybersecurity news feed over the past month have been reports from security companies and researchers about vulnerabilities in the very popular video-sharing app TikTok. It is safe to assume that it is the most downloaded app today (1.5 billion times) on the iOS and Android platforms, with hundreds of millions of users around the world.

The graphic below highlights the reported security vulnerabilities in the TikTok app. On the heels of the developer patching these flaws come reports that its parent company, ByteDance, is including a deepfake feature called Face Swap within the app.




What is a deepfake? Deepfake technology manipulates an original video and audio source by swapping a person’s face with a realistic-looking synthetic face from another video or image, using deep learning artificial intelligence. Deepfakes are mostly used for fun and entertainment, but there are more nefarious uses for this technology. Deepfake AI technology has been predicted to be one of the top cybersecurity threats for 2020 (and probably beyond)!

The concern with any social media app that harvests large amounts of personal, biometric and facial data is the abuse and misuse of that private data by threat actors and adversarial governments, who can use it to further train their facial recognition machine learning algorithms with a more diverse sampling of facial characteristics from around the world. It can then be used to profile anyone and keep track of their movements and whereabouts anywhere around the world. Locally, the facial data can be misused to create fake political ads during this year’s election.

The other red flag is that TikTok is very popular amongst teens and pre-teens. There are privacy laws that protect children under the age of 13, where parental consent is required before companies can collect their personal information. The threat of abuse of this data should be a great concern to parents with children of any age!

TikTok sounds like a fun app, and it has a certain appeal to many, especially to the younger set who want to be popular and cool, but there are just too many red flags with this app to have it installed on any personal and work mobile devices. The US Navy and Army have banned this app from government-issued phones. Please stay clear of TikTok because “It won’t make your day!”

The short video below demonstrates MobileIron Threat Defense’s many capabilities, specifically how a leaky and suspicious app like TikTok is detected and then remediated on a mobile device managed by MobileIron UEM.

To learn more, stop by our booth #1727 in the South Hall at RSA Conference 2020, taking place Feb. 24-28 in San Francisco.



James Saturnio


Senior Lead Technical Market Adviser at MobileIron

About the author

James Saturnio is a Senior Lead Technical Market Adviser at MobileIron. He immerses himself in all things cybersecurity and has over 25 years’ experience in this field. He has been with MobileIron for over 6 years, and previously worked at Cisco Systems for 19 years. While at Cisco, he worked as a TAC Engineer, and then as a Technical Leader for the Security Technology and Internet of Things (IoT) business units. He was the main architect for the IoT security framework that is still being used today by Cisco’s IoT customers.