Strewn throughout my cybersecurity news feed over the past month have been reports from security companies and researchers about vulnerabilities in the very popular video-sharing app TikTok. It is safe to assume that it is the most downloaded app today (1.5 billion times) for the iOS and Android platforms, with hundreds of millions of users around the world.
The graphic below highlights the reported security vulnerabilities in the TikTok app. On the heels of the developer patching these same TikTok security flaws are reports of its parent company, ByteDance, including a deepfake feature called Face Swap within the app.
What is a deepfake? Deepfake is the technology that manipulates an original video and audio source by swapping a person’s face with a realistic-looking synthetic face from another video or image using deep learning artificial intelligence. Mostly, deepfakes are used for fun and entertainment, but there are more nefarious uses for this technology. Deepfake AI technology has been predicted to be one of the top cybersecurity threats for 2020 (and probably beyond)!
The concern with any social media app that harvests large amounts of personal, biometric and facial data is the abuse and misuse of that private data by threat actors and adversarial governments to further train their facial recognition machine learning algorithms with a more diverse sampling of facial characteristics from around the world. It can then be used to profile anyone and keep track of their movements and whereabouts, anywhere around the world. Locally, the facial data can be misused to create fake political ads during this year’s election.
The other red flag is that TikTok is very popular amongst teens and pre-teens. There are privacy laws that protect children under the age of 13, where parental consent is required before companies can collect their personal information. The threat of abuse of this data should be a great concern to parents with children of any age!
TikTok sounds like a fun app, and it has a certain appeal to many, especially to the younger set who want to be popular and cool, but there are just too many red flags with this app to have it installed on any personal or work mobile device. The US Navy and Army have banned this app from government-issued phones. Please stay clear of TikTok because “It won’t make your day!”
The short video below demonstrates MobileIron Threat Defense’s many capabilities, specifically how a leaky and suspicious app like TikTok is detected and then remediated on a mobile device managed by MobileIron UEM.
To learn more, stop by our booth #1727 in the South Hall at RSA Conference 2020, taking place Feb. 24-28 in San Francisco.