Posted September 23, 2020
It’s been an uncomfortable week for popular apps TikTok and WeChat, with the US threatening to make good on its promise to remove them from US app markets, and both apps getting a last-minute (and temporary) stay of execution.
Why does the US want to ban TikTok and WeChat?
TikTok is a social media sharing site that is popular with younger users, and WeChat is a messenger app with a mobile payment feature that is widely used in mainland China. So why does the US government consider these two apps such a threat?
According to the Trump administration, the apps pose a risk to national security because of who their parent companies are: TikTok is owned by ByteDance, and WeChat is owned by Tencent. Both companies are based in China, and US politicians claim that China
TikTok has already been investigated for how it handles users’ privacy, both in the US and Europe. WeChat, for its part, has been accused of supporting China’s domestic surveillance programs. It is also undeniable that many large Chinese conglomerates have close ties to the government, which raises privacy concerns for some observers.
However, TikTok has responded to international concerns by saying that it does not even store data for US users in mainland China, and that it would not give the Beijing government access to such user data even if it were requested. Meanwhile, WeChat parent company Tencent has pushed back against allegations that it violates users’ privacy.
There is no unanimous agreement among security experts on whether the concerns about TikTok and WeChat are valid – or whether they justify an outright ban. However, it should be noted that there has been significant domestic and international criticism of both apps, so the actions of the current administration should not be automatically dismissed as political posturing.
Can the authorities really ban apps?
The idea that the US government can ban an app may surprise many people, but while the legality of this particular ban can certainly be debated, existing US law provides that federal authorities can intervene in transactions between citizens and foreign companies when national security is at stake.
The International Emergency Economic Powers Act (IEEPA) allows the President to regulate international trade in times of national emergency, provided that the emergency is caused by an external threat to the United States. Interestingly, the 1977 legislation, signed by President Carter amid tensions with Iran, was originally intended to limit the power of the executive, since the White House had previously had even broader regulatory powers.
IEEPA was invoked in two separate executive orders issued by the Trump administration in early August, stating that within 45 days, i.e. by September 20, US companies and individuals would be prohibited from conducting “transactions” involving the two apps and their parent companies. This was later clarified to mean, in the case of TikTok, a ban on distributing the app and its updates through the App Store and Google Play Store, and in the case of WeChat, a similar ban plus a further restriction on the processing of mobile payments via the app’s payment function.
Are TikTok and WeChat gone?
Just before TikTok was to become unavailable for download in the US, it was announced that Oracle and Walmart had agreed to take over some of the app’s operations in the US as a way to allay government concerns – a compromise that the White House said it would accept in principle. As a result, the removal of TikTok from US app markets was postponed until September 27, pending the outcome of discussions on the agreement (an outcome which, it should be noted, is still very much in doubt).
If no agreement can be reached within the next week, TikTok will be removed from the App Store and Google Play Store, and no further updates for the app will be available to existing users who already have it installed on their devices.
Tencent’s WeChat app has also received some help – this time in the form of a lawsuit: U.S. Judge Laurel Beeler has blocked the WeChat order in response to a lawsuit filed on behalf of WeChat users in the United States, citing First Amendment concerns. The government says it plans to challenge the injunction in court.
What app bans mean for security
Implementing the TikTok and WeChat bans could have two major effects on user safety.
First, it is important to realize that a market ban for apps does not automatically make existing installations of the apps disappear from people’s devices. But it does mean that any user who has a banned app installed will not be able to update it. If it is later found that the app has an exploitable vulnerability, there will be no way for US users to get the security update, which potentially exposes them to compromise.
Second, given the high-profile nature of these two apps – and the widespread public discussion about the proposed bans – it is highly likely that a permanent ban will result in opportunistic hackers using the situation for social engineering attacks. This can take the form of phishing links that offer fake “updates” for the apps, but actually link to malicious content. Perhaps even more worryingly, we may begin to see fake TikTok or WeChat apps that are actually malicious software. Security researchers have already discovered such a fake app called “TikTok Pro” – which has nothing to do with the actual TikTok app and is in fact spyware for Android devices.
If the bans continue, people with existing app installations should be aware of the risks involved in using apps that cannot be updated. And all users should be on the lookout for phishing attempts and other scams related to TikTok or WeChat.
What’s next for TikTok and WeChat?
As mentioned above, TikTok’s postponement only lasts until September 27, after which the app will be unavailable for new downloads or updates in the US if no alternative arrangement has been finalized. The final decision on whether the WeChat order should stand will be made by the courts. We will make sure to update you on important developments in this story, either on this page or via social media.