In an interview with WIRED Wednesday, Roland Cloutier, TikTok’s global head of security, declined to address questions about China directly, but stressed that TikTok was committed to maintaining robust security practices, including allowing outside firms to audit its technology. “What I can talk about is facts, and the facts are quite simple,” Cloutier said. “We use multiple external third parties [and] internal security teams to test and validate and beat on our product on a daily basis to look at potential vulnerabilities.” Cloutier joined TikTok earlier this year, after stints as head of security at the software firm ADP and after spending a decade in the US military and Department of Veteran Affairs.
Mobile security experts say TikTok’s data collection practices aren’t particularly unique for an advertising-based business, and largely resemble those of its US-owned competitors. “For the iOS app available to Western audiences, it appears to collect very standard analytics information,” says Will Strafach, an iOS security researcher and creator of the privacy-focused Guardian Firewall app. That includes things like a user’s device model, their screen resolution, the operating system they use, and the time zone they’re in. “Most data collection by apps concerns me, I don’t like any of it. However, in context, TikTok appears to be pretty tame compared to other apps,” he says.
Dave Choffnes, a computer science professor and mobile networking researcher at Northeastern University, wasn’t able to assess the Android version of TikTok firsthand, but relied on an analysis posted to Reddit, which many of TikTok’s critics have cited. Based on that, Choffnes says TikTok appears to be “in the same league” as other social media apps, which often collect tiktok really national security
