If you want to ban a Chinese social media app used by tens of millions of Americans, one you claim is a security risk, then this is a particularly foolish way to do it. Starting tomorrow, September 20, those tens of millions of U.S. TikTok users will be at risk. Whether or not you believe those TikTok installs genuinely represented a security risk to users before, they certainly will now.
For reasons of practicality and political expediency, the Trump administration bans on TikTok—along with Chinese stablemate WeChat—announced on Friday come in two parts. Part one—the apps must be pulled from Apple’s App Store and Google’s Play Store in the U.S. from Sunday night. No new installs, albeit existing users with the app already on their phones can carry on regardless—for a while. As you’d expect, installs are surging, especially for WeChat which isn’t comparatively popular in the U.S.
Part two—the enabling services and infrastructure for each app in the U.S. will also be pulled. This also happens on September 20 for WeChat, but TikTok has a stay of execution until November 12 for this second part. There are the small matters of a definite election and a potential acquisition/partnership to conclude before then—political expediency and practicality.
For almost two months, TikTok’s American users will be in an unprecedented limbo land which puts them at risk. Let’s look at those risks and what you need to do to stay safe.
First, while TikTok apps will remain on tens of millions of smartphones, those apps cannot be updated or maintained. And while that means that cool new functionality available elsewhere in the world will be denied to Americans, the real issue is that if TikTok’s developer ByteDance finds a security issue, it will be unable to patch it for U.S. users. This is a pretty big deal for an app that has had material security issues in the past, as it would be for any hyper scale app that represents such a rich target for threat actors.
“The only real change as of Sunday night will be [TikTok] users won’t have access to improved updated apps, upgraded apps or maintenance,” Ross told Fox Business Network on Friday. Think that through for a moment.
Second, if the rollercoaster ride that has been 2020 has taught us anything, it’s that hackers and cybercriminals love a mass-scale crisis where millions head online for information. You’ll have seen numerous reports as to cyber threats relating to coronavirus and stimulus payments, by way of example. I can pretty much guarantee that emails and texts claiming to show U.S. users how to bypass the Trump ban and maintain TikTok access will be doing the rounds from next week. Each will have a link or an attachment. Some may even suggest paying for some form of bypass service. All will represent a threat to those users hoodwinked by the campaigns.
Finally we come to the VPN issue. Most of you will have no need for a virtual private network that can securely tunnel your internet traffic via third-party servers, masking your identity and location and protecting your data. While these are a necessity when accessing public internet hotpots, they’re not that valuable in the U.S. when heading online from home or work or over a cellular network. And the VPN market is plagued with dangerous free offerings, mainly from China, which have been proven to be a threat.
The issue with turning to VPNs is that they don’t solve the TikTok problem. You won’t be able to access a non-U.S. app store unless Apple and Google genuinely think you’re from that overseas location. And that means switching your identity and payment details. It’s not viable. There’s no benefit to masking your location, pretending you’re in Canada for example, unless you’re using the web to access content; that may change in November, but not unless the app problem can be resolved.
But you will see VPNs ramping up their marketing campaigns—it was even trending on social media the day the U.S. ban was confirmed. And when those users turn to app stores to find a solution, many of the most popular, free apps are best avoided. If you need a VPN—which, where TikTok is concerned you don’t for the time being, then you need to opt for a paid-for offering from a well-known, western developer.
So, what do you do to stay safe? You don’t install a free VPN, you avoid each and every email or text message offering bypass hints and tricks with links and attachments, even if those emails and messages seem to come from a friend, and you bear in mind that your TikTok app is vulnerable to security risks until mid-November. Clearly, that last issue might change. It’s conceivable that the U.S. will relent where security patches are concerned and will allow updates—it would be somewhat ironic if they don’t. The other two risks will remain.
“Today’s actions prove once again that President Trump will do everything in his power to guarantee our national security and protect Americans from the threats of the Chinese Communist Party,” Ross proclaimed on Friday, on announcing the timeline for the U.S. ban. Well, for the next few weeks, it’s not the Chinese Communist Party that TikTok users need to worry about.