Decrypted: The block clock tick-tocks on TikTok


Image Credits: Treedeo (opens in a new window) / Getty Images

In less than three months and notwithstanding intervention, TikTok will be effectively banned in the U.S. unless an American company steps in to save it, after the Trump administration declared by executive order this week that the Chinese-built video sharing app is a threat to national security.

How much of a threat TikTok poses exactly remains to be seen. U.S. officials are convinced that the app could be compelled by Beijing to vacuum up reams of Westerners’ data for intelligence. Or is the app, beloved by millions of young American voters, simply a pawn in the Trump administration’s long political standoff with China?

Really, the answer is a bit of both — even if on paper TikTok is no worse than the homegrown threat to privacy posed by the Big Tech behemoths: Facebook, Instagram, Twitter and Google. But the foreign threat from Beijing alone was enough that the Trump administration needed to crack down on the app — and the videos frequently critical of the administration’s actions.

For its part, TikTok says it will fight back against the Trump administration’s action.

This week’s Decrypted looks at TikTok amid its looming ban. We’ll look at why the ban is unlikely, even if privacy and security issues persist.


Internet watchdog says a TikTok ban is a ‘seed of genuine security concern wrapped in a thick layer of censorship’

The verdict from the Electronic Frontier Foundation is clear: The U.S. can’t ban TikTok without violating the First Amendment. Banning the app would be a huge abridgment of freedom of speech, whether it’s forbidding the app stores from serving it or blocking it at the network level.

But there are still legitimate security and privacy concerns. The big issue for U.S. authorities is that the app’s parent company, ByteDance, has staff in China and is subject to Beijing’s rules.

Could Beijing force ByteDance to turn over data on millions of TikTok users? Potentially, yes. But the data that TikTok obtains and generates on its users is not far from what the U.S. can get under its own jurisdiction. Exactly what China would do with that data is unclear, but China, if you recall, is blamed for the massive data breach at the U.S. Office of Personnel Management in 2014, the 2015 Anthem hack and more recently of using powerful spyware to surveil Uyghurs, an oppressed Chinese minority group.

TikTok maintains it hasn’t given any user data to China, “nor would we do so if asked,” per a spokesperson. But that hasn’t done much to quell fears.

The EFF says whoever buys TikTok — Microsoft appears to be the frontrunner — may have the ostensible blessing from the White House. But the buyer will still have to navigate the many security and privacy issues that won’t have gone away.

TikTok saw a rise in government demands for user data

TikTok tracked user data using a tactic banned by Google

Until November last year, TikTok skirted Google’s app store rules by collecting unique network identifiers from users — without their knowledge — potentially allowing the company to track users online.

MAC addresses are 12-digit codes that are hardcoded in internet-connected devices and can be difficult to change, making it possible to track a device from place to place. Some 1% of Android apps are said to be able to collect MAC addresses — even if Google banned the practice — but brick-and-mortar stores and billboards frequently collect MAC addresses to track individuals as they walk in or pass by.

“It’s unfortunately quite common,” wrote Robert Baptiste, a French security researcher, who weeks earlier wrote a detailed app analysis under the hood of TikTok. “Why the fuck Google is not fixing this issue is another question.”

Exactly what TikTok did with MAC addresses is unclear. It stopped the practice, but critics fear that China could demand the data to use for “blackmail or espionage.”

Collecting MAC addresses without permission is both a violation of Europe’s GDPR privacy rules but also U.S. online child protection rules, likely (or inevitably, under the current political climate) opening the company up to regulatory scrutiny.

But in Baptiste’s view, “it’s bad but far from being a threat to national security.”

All of this reporter’s TikTok followers are fake

Another major concern is that TikTok — like other social media platforms — could be abused as part of foreign disinformation campaigns. This month alone, TikTok banned manipulated “deepfake” videos, improved its fact-checking, and added an in-app reporting option for election misinformation.

But one reporter found that TikTok has done little to curb fake engagement. Motherboard bought $50 worth of artificially inflated followers, likes and views for a benign, uninteresting video, giving it over 25,000 views and 1,000 likes, bumping its popularity across the site.

A week later, the reporter’s account and video were still up — “seemingly undetected by TikTok,” he wrote. It’s precisely this kind of “inauthentic behavior” that Facebook and Twitter have worked but struggled to remove.


In other news this week, the FBI — with help from the National Security Agency — publicly linked a new hacking tool, named “Drovorub,” to Russian intelligence, also known as Fancy Bear, which hacked the Democratic National Committee in 2016.

The newly discovered tool targets Linux systems, typically used in server rooms and data centers. When deployed it can hook into a system, persist and exfiltrate data to the attacker’s own servers.

In an advisory, the FBI-NSA said the Russians “continue to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 U.S. presidential election.”

Not only does it serve as a reminder to U.S. organizations to patch their systems, it’s a reminder to the Russians that the U.S. can track their work.


Just one this week:

Adaptive Shield, a Tel Aviv-based security startup, has raised $4 million and emerged out of stealth. The company helps businesses protect cloud software-as-a-service applications by scanning for settings and configuration changes that could cause security problems.

Send tips securely over Signal and WhatsApp to +1 646-755-8849.

More TechCrunch

“When I heard the released demo, I was shocked, angered and in disbelief that Mr. Altman would pursue a voice that sounded so eerily similar to mine.”

Scarlett Johansson says that OpenAI approached her to use her voice

The European venture capital firm raised its fourth fund as fund as climate tech “comes of age.”

ETF Partners raises €284M for climate startups that will be effective quickly — not 20 years down the road

Copilot, Microsoft’s brand of generative AI, will soon be far more deeply integrated into the Windows 11 experience.

Microsoft wants to make Windows an AI operating system, launches Copilot+ PCs

Hello and welcome back to TechCrunch Space. For those who haven’t heard, the first crewed launch of Boeing’s Starliner capsule has been pushed back yet again to no earlier than…

TechCrunch Space: Star(side)liner

When I attended Automate in Chicago a few weeks back, multiple people thanked me for TechCrunch’s semi-regular robotics job report. It’s always edifying to get that feedback in person. While…

These 81 robotics companies are hiring

The top vehicle safety regulator in the U.S. has launched a formal probe into an April crash involving the all-electric VinFast VF8 SUV that claimed the lives of a family…

VinFast crash that killed family of four now under federal investigation

When putting a video portal in a public park in the middle of New York City, some inappropriate behavior will likely occur. The Portal, the vision of Lithuanian artist and…

NYC-Dublin real-time video portal reopens with some fixes to prevent inappropriate behavior

Longtime New York-based seed investor, Contour Venture Partners, is making progress on its latest flagship fund after lowering its target. The firm closed on $42 million, raised from 64 backers,…

Contour Venture Partners, an early investor in Datadog and Movable Ink, lowers the target for its fifth fund

Meta’s Oversight Board has now extended its scope to include the company’s newest platform, Instagram Threads, and has begun hearing cases from Threads.

Meta’s Oversight Board takes its first Threads case

The company says it’s refocusing and prioritizing fewer initiatives that will have the biggest impact on customers and add value to the business.

SeekOut, a recruiting startup last valued at $1.2 billion, lays off 30% of its workforce

The U.K.’s self-proclaimed “world-leading” regulations for self-driving cars are now official, after the Automated Vehicles (AV) Act received royal assent — the final rubber stamp any legislation must go through…

UK’s autonomous vehicle legislation becomes law, paving the way for first driverless cars by 2026

ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm. What started as a tool to hyper-charge productivity through writing essays and code with short text prompts has evolved…

ChatGPT: Everything you need to know about the AI-powered chatbot

SoLo Funds CEO Travis Holoway: “Regulators seem driven by press releases when they should be motivated by true consumer protection and empowering equitable solutions.”

Fintech lender SoLo Funds is being sued again by the government over its lending practices

Hard tech startups generate a lot of buzz, but there’s a growing cohort of companies building digital tools squarely focused on making hard tech development faster, more efficient and —…

Rollup wants to be the hardware engineer’s workhorse

TechCrunch Disrupt 2024 is not just about groundbreaking innovations, insightful panels, and visionary speakers — it’s also about listening to YOU, the audience, and what you feel is top of…

Disrupt Audience Choice vote closes Friday

Google says the new SDK would help Google expand on its core mission of connecting the right audience to the right content at the right time.

Google is launching a new Android feature to drive users back into their installed apps

Jolla has taken the official wraps off the first version of its personal server-based AI assistant in the making. The reborn startup is building a privacy-focused AI device — aka…

Jolla debuts privacy-focused AI hardware

The ChatGPT mobile app’s net revenue first jumped 22% on the day of the GPT-4o launch and continued to grow in the following days.

ChatGPT’s mobile app revenue saw its biggest spike yet following GPT-4o launch

Dating app maker Bumble has acquired Geneva, an online platform built around forming real-world groups and clubs. The company said that the deal is designed to help it expand its…

Bumble buys community building app Geneva to expand further into friendships

CyberArk — one of the army of larger security companies founded out of Israel — is acquiring Venafi, a specialist in machine identity, for $1.54 billion. 

CyberArk snaps up Venafi for $1.54B to ramp up in machine-to-machine security

Founder-market fit is one of the most crucial factors in a startup’s success, and operators (someone involved in the day-to-day operations of a startup) turned founders have an almost unfair advantage…

OpenseedVC, which backs operators in Africa and Europe starting their companies, reaches first close of $10M fund

A Singapore High Court has effectively approved Pine Labs’ request to shift its operations to India.

Pine Labs gets Singapore court approval to shift base to India

The AI Safety Institute, a U.K. body that aims to assess and address risks in AI platforms, has said it will open a second location in San Francisco. 

UK opens office in San Francisco to tackle AI risk

Companies are always looking for an edge, and searching for ways to encourage their employees to innovate. One way to do that is by running an internal hackathon around a…

Why companies are turning to internal hackathons

Featured Article

I’m rooting for Melinda French Gates to fix tech’s broken ‘brilliant jerk’ culture

Women in tech still face a shocking level of mistreatment at work. Melinda French Gates is one of the few working to change that.

1 day ago
I’m rooting for Melinda French Gates to fix tech’s  broken ‘brilliant jerk’ culture

Blue Origin has successfully completed its NS-25 mission, resuming crewed flights for the first time in nearly two years. The mission brought six tourist crew members to the edge of…

Blue Origin successfully launches its first crewed mission since 2022

Creative Artists Agency (CAA), one of the top entertainment and sports talent agencies, is hoping to be at the forefront of AI protection services for celebrities in Hollywood. With many…

Hollywood agency CAA aims to help stars manage their own AI likenesses

Expedia says Rathi Murthy and Sreenivas Rachamadugu, respectively its CTO and senior vice president of core services product & engineering, are no longer employed at the travel booking company. In…

Expedia says two execs dismissed after ‘violation of company policy’

Welcome back to TechCrunch’s Week in Review. This week had two major events from OpenAI and Google. OpenAI’s spring update event saw the reveal of its new model, GPT-4o, which…

OpenAI and Google lay out their competing AI visions

When Jeffrey Wang posted to X asking if anyone wanted to go in on an order of fancy-but-affordable office nap pods, he didn’t expect the post to go viral.

With AI startups booming, nap pods and Silicon Valley hustle culture are back