There is now just a week until the ever more likely ban on TikTok comes into effect in the U.S., and you can expect non-stop coverage until then, as 170 million American users ask what happens next. The mood music appears to have turned against TikTok’s arguments for a stay, but nothing is certain yet. What is certain is that should the ban happen, all 170 million users should delete the app on their iPhones and Androids, with the threat of serious consequences if they do not.
What exactly happens when the ban starts is still unclear. What we do know is that Apple and Google will likely remove the app from the Play Store and App Store immediately. That’s the simplest, most immediate action and would stop new users getting hold of the app — the half of America not already using the platform, as ByteDance points out. Unlike ISP blocks in other countries that have banned TikTok and other social media apps, it’s unlikely though not impossible that traffic will be blocked, pushing users to mask their locations through VPNs as we have seen with states restricting porn access.
Even if VPNs are used, they won’t help you get around the App Store problem. As ESET’s Jake Moore says, “although a VPN may work to access the app, Apple [and Google] won’t allow updates or new downloads from phones assigned to the US even if a VPN is used as it will still know its original native country that it was set up in.”
The good news for TikTok users and content creators is that they will likely be able to continue using the app even after the ban. But you really shouldn’t — hard though it may seem, to stay safe you should delete the app even though legally it doesn’t look like that will be enforced. At least not so far. And there’s a clear warning that over time the lack of updates will make the app unusable anyway: there will be no new updates to match new OS versions, for example.
There’s also the question of user data, and where that goes after a ban. Moore warns that “when it comes to TikTok, the question that consumes many politicians and sceptics is where that data goes. More specifically, does all that information end up being accessed by the Chinese state? TikTok automatically captures vast swaths of information from its users, including Internet and other network activity information such as location data and browsing and search histories so the fact the US don’t want it in their country is not without reason.”
The danger is that removing TikTok from app stores also stops it being updated. Five new versions of the app have been released in the last month alone, automatically downloading and installing to the billion-plus phones on which it runs. And while some of those updates bring new features, most just “squash bugs for a better experience.” TikTok — as with any popular app on your phone — has had its fair share of security mishaps triggering new updates to be pushed out. To have 170 million phones running an app that can’t be updated is a huge security risk. You can imagine how tempting a honeypot that suddenly becomes for attackers and how prized an exploitable TikTok vulnerability would become.
I have warned users before that social engineering attacks around saving TikTok accounts and data will now be amplified, pushing users to click unsafe links or download malicious attachments, updates and apps. While it’s unlikely Apple and Google will be forced to remove apps from devices, if it becomes a security risk they can’t fix then that might change.
It’s possible that a ban will be short-lived or will not happen at all. But on the basis that it does happen, hard though it might be, you need to put your security and privacy first and delete the app. “Once it is removed from app stores, no further security patches will be rolled out,” ESET’s Moore says. “This means security will demise over time and vulnerabilities will inevitably be exploited and phones with older versions of the app will be targeted en masse. It will become a direct honeypot for attackers wanting to take advantage of a potential insecure window into many phones in the U.S.”