On Sept. 20, TikTok and WeChat may both be persona non grata in the United States.
On Friday, the Department of Commerce announced that both apps will be blocked as downloads across US app stores. The measure is being taken following accusations that the apps collect sensitive data from users, which is then handed over to the Chinese Communist government.
SEE: Mobile device computing policy (TechRepublic Premium)
Based on an executive order signed by President Donald Trump on Aug. 6, 2020, the ban would prohibit any US app store from distributing or maintaining the WeChat or TikTok apps, codes, or updates. As such, both apps will be barred from appearing on such platforms as Apple’s App Store and Google Play.
The ban would also prohibit any services from using WeChat to transfer funds or process payments in the US.
People who don’t already have the apps would be unable to download them, while current owners won’t have access to new or updated versions. Those who’ve already downloaded either app should be able to continue using them, at least for the time being.
“TikTok and WeChat apps will no longer receive updates since the apps won’t be in the Google Play or iOS App stores,” Hank Schless, senior manager of Security Solutions for security firm Lookout, told TechRepublic. “In reality, this won’t affect the current user base very much in terms of app functionality unless Apple or Google releases a major OS update. However, this also means that users won’t receive security updates that are often times key parts of patches to mobile applications. This is risky because if someone discovers a vulnerability in either app, there won’t be a way to release a fix and users will remain exposed to the risk.”
Other actions would be prohibited starting Sept. 20 for WeChat and Nov. 12 for TikTok. Internet hosting companies, content delivery networks, and internet transit or peering services in the US would be banned from enabling the functionality or optimization of the apps. Further, any software or services within the US would be prevented from using the code or features of the two apps. These actions would effectively kill the use of the apps in the US.
In an announcement released on Friday, Department of Commerce Secretary Wilbur Ross said that the Chinese Communist Party has shown the means and motivations to use these apps to threaten the national security, foreign policy, and economy of the US. Ross charged WeChat and TikTok with collecting vast amounts of data from users, including network activity, location data, and browsing and search histories.
“At the President’s direction, we have taken significant action to combat China’s malicious collection of American citizens’ personal data, while promoting our national values, democratic rules-based norms, and aggressive enforcement of U.S. laws and regulations,” Ross said in a statement.
Ross added that the threats posed by WeChat and TikTok aren’t identical but are similar. Each app is an “active participant in China’s civil-military fusion,” subject to the “mandatory cooperation” of the Chinese Communist Party. As such, both apps present “unacceptable risks to our national security,” charged Ross.
Owned by ByteDance, TikTok is a social media app used by people to create, find, and share short videos. You can watch videos from a wide array of creators and design your own videos with special effects, filters, and music. Tencent’s WeChat is a messaging and calling app though which people can stay in touch with friends, play games together, and send or receive mobile payments via the WeChat Pay feature.
Given the Nov. 12 deadline for additional actions, TikTok still has some wiggle room. The extended deadline is in place because the Trump administration has been calling on parent company ByteDance to sell TikTok to a US company.
Following interest by Microsoft and Walmart, Oracle has emerged as a potential buyer to either purchase TikTok in total or carve out a majority stake in it. Whatever the outcome, the administration would have to be assured that TikTok no longer poses a national security threat for the app to pass muster. The president said that he’s not ready to sign off on any deal between Oracle and TikTok unless that happens, even expressing unhappiness were Oracle to simply buy a stake in the app.
“To get the bans lifted there will likely need to be several longs rounds of deep technology vetting and inspection. Including but not limited to code base review and traffic analysis,” Brandon Hoffman, chief information security officer at security provider Netenrich, told TechRepublic.
Following Trump’s executive order in August, TikTok sued the administration. ByteDance has insisted that it keeps all user data in the US with only a backup in Singapore and that it would not share data with the Chinese government if requested. In a phone call with the administration, several US companies cited the executive order as being too vague.
In a press briefing on Friday, senior officials from the Department of Commerce declined to offer specific examples of TikTok or WeChat being used to spy on Americans or incidents where they shared data on US users with the Chinese government. Instead, the officials pointed to TikTok’s Chinese counterparts Douyin and WeChat as tools for government surveillance, saying that the same thing could happen in the US.
“Whether we have any evidence, domestically, of these particular apps taking data is missing the point,” a senior Commerce official said. “We know what they’re using these apps for overseas, we know what the Chinese government’s intent is here in the United States.”
Given the potential but still unspecific threats to security, is the ban warranted? That’s a difficult question to answer.
“In protecting our larger national interests, will we end up hurting the economic interests of our citizens (who depend on these apps),” Setu Kulkarni, VP of strategy at WhiteHat Security, told TechRepublic. “Likely yes. But time has come that we look at stricter and tighter guidelines around application distribution up front to disallow potential adversarial risks from apps in this day and age where downloading these apps is a finger tap away.”
But some feel that the government needs to offer more details on exactly how these apps pose a threat.
“I want to say that the government is doing this for a valid reason,” Hoffman said. “On the other hand, the banning of specific application feels like an impingement on our rights, and to a degree, our privacy, the very same thing they are claiming to protect. In today’s age, consumers are tech savvy and well informed. I think if the government wants their position validated, not that it needs to be, it would make sense for them to disclose a little more technical detail or findings.”
This article has been updated.