On Monday, TikTok also said that it would withdraw from app stores in Hong Kong, where a new national security law from China was enacted. The company said it would make the app inoperable to users there within a few days.
After Amazon’s first email on Friday, TikTok said in a statement that user security was “of the utmost importance” and that it was committed to user privacy. It added, “While Amazon did not communicate to us before sending their email, and we still do not understand their concerns, we welcome a dialogue.”
Before Amazon sent out its second message on Friday, Senator Josh Hawley, Republican of Missouri, who has called for investigations into the national security ramifications of Chinese apps, said, “The whole federal government should follow suit.”
TikTok has long been a concern of American intelligence officials, who fear the social networking app is a thinly veiled data collection service. Over the past six months, security researchers have only furthered those concerns with a series of discoveries.
Last month, a researcher uncovered that TikTok had the ability to siphon off anything a user copied to a clipboard on a smartphone — passwords, photos and other sensitive data like Social Security numbers, emails and texts. The researcher began posting the findings on the online message board Reddit.
The researcher, who goes by the handle Bangorlol, also said that TikTok was capturing data about a user’s phone hardware and data on other apps installed on the phone. Many of these abilities are found in other apps, but TikTok’s developers had gone out of their way to prevent anyone from analyzing the app, the researcher said.
“This was very concerning and very rare,” Oded Vanunu, who leads research into product vulnerability at the Israeli security firm Check Point, said about the findings. “There’s been a lot of fear and speculation about this app, but the recent findings are raising big questions.”