After previously expressing support for Oracle’s planned partnering with TikTok, the Trump administration took a step back from the deal Friday with the Commerce Department putting prohibitions on transactions related to the video-sharing platform and, separately, on the mobile communications app WeChat, both owned by Chinese companies.
President Trump had said at a Wednesday news briefing he was not prepared to sign off on the TikTok deal until he was completely certain that national security concerns had been satisfied and either TikTok parent ByteDance or China agreed to pay a negotiated sum to the U.S. government.
The Commerce Department said its action is a follow-up to Trump’s Aug. 6 executive orders curbing TikTok and WeChat activities over national security concerns. Both apps, the agency said, collect “vast swaths of data from users, including network activity, location data, and browsing and search histories.”
Oracle still might bring Walmart into the partnership to seal the deal for TikTok’s U.S. operations by Nov. 12, the deadline set by Commerce, or sooner, since it appeared last week that Treasury Secretary Steven Mnuchin’s blessing could lead to an announcement as soon as Sept. 20.
WeChat, on the other hand, faces a different fate. New distribution will halt after Sept. 20 – at that point U.S. users reportedly will lose some functionality, such as the ability to receive system updates, if the U.S. government gets its way.
In a Friday conference call with reporters, Commerce officials conceded that WeChat and TikTok users could probably find workarounds to evade the ban, according to a Wall Street Journal report.
“It would be impossible to actively delete TikTok from every device in the United States,” said Hank Schless, senior manager, security solutions at Lookout. It would be up to Google, Apple and Microsoft, as the purveyors of the principal mobile operating systems, to enforce a ban and ensure users delete TikTok. Furthermore, if users were deprived the latest security updates, they would be further exposed to risks.
The government also could be inadvertently inviting the distribution of malicious versions of the apps through other social media platforms, said Schless, predicting an onslaught of phishing messages promising a TikTok/WeChat update or download as a hook.
Lookout recently analyzed a fake “TikTok Pro” app for India that turned out to be toll fraud malware.
“This exemplifies how cybercriminals could take advantage of a similar situation in the U.S. and profit from the public’s desire for the app or to steal personal data,” Schless said.
The government’s action appears to infringe individuals’ rights, but at the same time it’s claiming to protect privacy, said Brandon Hoffman, CISO at Netenrich, adding
it is extremely unlikely that the ban will be reversed before it is implemented. “It will have to be removed or reversed post implementation at this point,” he said.
The two bans herald the “fragmentation and compartmentalization, whether it be the restrictions around Chinese apps or tightening of privacy policies in the EU,” said Ben Johnson, former NSA and CTO of Obsidian Security.
“With the recent TikTok and WeChat restrictions, the primary security concern at the individual level will be the unavailability of security upgrades thus creating an even more vulnerable population of consumer smart devices,” Johnson said. “Until this all plays it, it is best to have a better grasp of the applications you are using and more importantly, why you need them.”
Online technologies, data sharing and smart device usage day to day will continue to look different depending on where a user is in the world, he added.
Setu Kulkarni, vice president, strategy at WhiteHat Security, commented that the importance of both apps to the millennial economy most likely has been overlooked.
“In protecting our larger national interests, will we end up hurting the economic interests of our citizens (who depend on these apps)? Likely yes,” he said.
The president first talked about banning TikTok in July, around the time Wells Fargo, India and the U.S. military forbade the use of the popular Chinese video-sharing app.