Information Warfare: TikTok Already A Problem


January 19, 2020: In late 2019 the U.S. Navy banned personnel from having the Chinese social media app TikTok on government-supplied smartphones. A few weeks later the U.S. Army issued a similar ban. Army and navy personnel can still use TikTok on their personal phones, which limits the effectiveness of the ban.

There are potential problems with TikTok because it is owned by a Chinese firm (ByteDance) and thus subject to Chinese government orders to allow malware to be secretly installed, or uninstalled. This sort of thing is difficult to do without getting caught, especially on such a widely used app (about 500 million users) outside of China. TikTok is not allowed in China; instead, a similar app is available just for Chinese users.

The second reason for the TikTok ban is that TikTok, like many social media apps (and apps in general), uses geolocation (via the GPS capability standard in phones). This is so that users or, in many cases, just the publisher can see where the user is and has been while using the app. This is popular with users and especially with app publishers because this geolocation is a powerful, and lucrative, marketing tool. Because the TikTok ban does not apply to personal (non-government owned) phones, the geolocation data is still available from enough military personnel to provide accurate data on where these personnel are and where they have been. It is estimated that several hundred thousand military personnel use TikTok, and that is a large enough number for TikTok geolocation to show where army, navy, marine and air force units are. Even if the users do not indicate they are in the military, there are statistical techniques to deduce who is and who isn’t.

The problem here is that the Chinese don’t need TikTok geolocation data for tracking American military units and personnel. There are many other American-made apps that collect geolocation data and sell it to just about anyone. That data made it possible to track the American president and other senior officials, even though the Secret Service (which guards senior officials) has a lot of procedures in force to avoid that sort of tracking.

All this is nothing new. In mid-2018 the U.S. Department of Defense banned all personnel in “operational areas” (usually overseas combat zones) from using commercial devices with geolocation capability. This included cell phones and PSMs (Physiological Status Monitors) like Fitbit. What triggered this was the discovery that a social network for athletes called Strava had developed software that enabled anyone to track users wearing a Fitbit or other GPS-enabled PSM. Dedicated (often professional) athletes joined Strava to exchange PSM information, and that led to Strava developing features that enabled tracking of user locations worldwide.

Turns out that intelligence agencies had discovered Strava as well and reported that they could not only detect PSM users anywhere in the world, but could often identify these users by name. Many intelligence and military personnel used their Fitbits while overseas, often while on secret missions. From January to July 2018 the extent and implications of this became quite clear. The intel agencies quickly (and quietly) ordered their personnel overseas (and often at home as well) to stop using PSMs that made their data accessible to public networks, even ones that were not open to the public. These could be hacked. Now there is a market for “secure” (encrypted) PSMs for military and intelligence personnel. Actually, work on that sort of thing has already been underway. TikTok is more a threat for capabilities China has nothing to do with than for something that might be secretly installed in the future.