newsletter banner

ISSUE 19.28.F • 2022-07-11 • Text Alerts!Gift Certificates

In this issue

PUBLIC DEFENDER: TikTok steals your files, passwords, and more: FCC official

Additional articles in the PLUS issue • Get Plus!

SOFTWARE: Choosing the right email program

HARDWARE: Desktop computers: Re-use!

ON SECURITY: It’s the end of the road for Windows 8.1

Emerging Tech Brew

Emerging Tech Brew

Join over 400K people by reading Emerging Tech Brew – the free email newsletter covering the future of technology. If it affects your world, Emerging Tech Brew will keep you in-the-know.

Try it!


TikTok steals your files, passwords, and more: FCC official

Brian Livingston

By Brian Livingston

TikTok, the wildly popular short-video app owned by China’s ByteDance corporation, may be kicked out of Apple’s and Google’s download stores.

A US official boldly asserts that TikTok is “accessing users’ most sensitive data, including passwords, cryptocurrency wallet addresses, and personal messages.”

Brendan Carr, a commissioner of the Federal Communications Commission (FCC), demanded TikTok’s removal two weeks ago in an open letter to both tech giants. He provides evidence that the program clearly violates “numerous provisions of the Apple App Store and Google Play Store” that prohibit Trojan horses and other violations of users’ security.

Figure 1. President Donald Trump said on July 31, 2020, that he would attempt to ban TikTok or force its sale to a US-owned company, a move Chinese officials under Chairman Xi Jinping called “open robbery.” Potential sales of TikTok to American corporations, however, faced legal challenges and fell through.Photo by No-Mad/Shutterstock. Sources: Washington Post, Forbes

Getting Apple and Google to delist the much-desired TikTok will be an uphill slog, however. TikTok has been downloaded more than 3.5 billion times, making it the world’s No. 1 download since 2018. And it’s been the most-downloaded app in the United States every calendar quarter since the start of 2021, according to a Search Engine Journal article.

Adding to TikTok’s clout, the app’s domain was the most-visited website in the world in 2021, pushing Google into second place, according to a Cloudflare ranking.

Even if you’ve never downloaded TikTok, someone you know has.

What’s the risk to you? As Twitter commenter Mormande describes it (in a tweet that has since been removed), “The moment you open TikTok, it harvests the entire data on your phone, including pictures, search history, etc. It’s not just what’s inside the app, it’s so much more.”

Assuming the news is true, TikTok is a very bad app to have on your device

A variety of accusations are combined in Commissioner Carr’s open letter to Apple and Google (PDF). His findings can be paraphrased as follows:

  • TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.
  • TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints — which researchers have said might be used in facial-recognition technology — and voiceprints.
  • The app collects location data as well as draft messages and metadata, plus it collects text, images, and videos that are stored on a device’s clipboard.
  • In March 2020, researchers discovered that TikTok, through its app in the Apple App Store, was accessing users’ most sensitive data, including passwords, cryptocurrency wallet addresses, and personal messages.
  • In August 2020, TikTok circumvented a privacy safeguard in Google’s Android operating system to obtain data that allowed it to track users online.
  • In 2021, TikTok agreed to pay $92 million to settle lawsuits alleging that the app “clandestinely vacuumed up and transferred to servers in China (and to other servers accessible from within China) vast quantities of private and personally identifiable user data and content.”
  • In March 2022, a report featured current and former TikTok employees who stated in interviews that the US company delegates key decisions to ByteDance officials in Beijing, and that an employee was asked to enter sensitive information into a .cn domain. That’s a top-level domain operated by the Chinese government’s Ministry of Industry and Information Technology.

That last point is a reference to confidential statements by former TikTok employees who report that “everything is seen in China.” BuzzFeed News revealed in a June 17 article — based on leaked audiotapes comprising more than 80 internal discussions — that Chinese employees “have repeatedly accessed nonpublic data about US TikTok users.” And CNBC further confirmed the reports in a June 25 exposé quoting unnamed former workers flatly stating: “ByteDance employees are able to access US user data.”

Because of reports such as these, the US government has tried since 2020 to ban TikTok, eliminate it from app stores, or force its executives to sell to a US-based company (Figure 1). But these efforts have been stymied by legal challenges and the political hot potato of penalizing the world’s most popular app.

The Biden administration is currently developing new regulations that are expected to rein in not only TikTok but other apps that feed data to Chinese organizations, according to a Washington Post story. But progress is grindingly slow.

So far, the executive branch has banned TikTok from devices used by the US military, the Department of Homeland Security, and the Transportation Security Administration (TSA). But the users in those agencies are a tiny fraction of the billions of individuals who’ve installed the app worldwide.

Meanwhile, the government of India — the world’s most-populous democracy — banned TikTok and 58 other Chinese-developed apps back in June 2020. New Delhi released an official statement charging that the apps were threats to the “national security and defence of India,” according to a TechCrunch article.

TikTok says it’s moving all user data to servers in the United States

Faced with mounting criticisms, TikTok executives announced on June 17 they would “minimize data transfer outside of the US.”

TikTok’s director of US security public policy, Albert Calamug, said in that statement that “our data center in Singapore serves as the backup data storage location for our US users,” but the company expected to soon “delete US users’ private data from our own data centers and fully pivot to Oracle cloud servers located in the US.”

TikTok sweatshirt on a mannequin in Chesterfield, UK

The announcement didn’t satisfy everyone. “Physical location does not matter if the data can still be accessed from China,” the Council on Foreign Relations’ director of digital and cyberspace policy, Adam Segal, told BuzzFeed News. The concern, he said, is that “data would still end up in the hands of Chinese intelligence if people in China were still accessing.” (Photo, left, by Loocmill/Shutterstock)

The CEO of TikTok, Shou Zi Chew, confirmed in a June 30 letter to nine American senators that China-based employees can access US user data, according to a Daily Mail article. But the executive maintained there were “errors and misconceptions in the article” BuzzFeed News had published about the leaked discussions.

In any event, nothing in TikTok’s privacy policy would bar it from giving its parent, ByteDance Ltd., full access to any data the app might collect.

“We may share all of the information we collect with a parent, subsidiary, or other affiliate of our corporate group,” the privacy policy, updated as of June 2, 2022, states. ByteDance, of course, is the parent — and, in theory, any random organization could potentially become an affiliate.

Another section of the policy specifically permits the company to collect “content, including text, images, and video, found in your device’s clipboard, with your permission.” The policy provides an innocent example — if you “choose to paste content from the clipboard into the TikTok App” — but the overall language permits the app to scrape anything you happen to place onto your clipboard, with no limitation to the specific action the policy mentions.

Security author Bruce Schneier reports that TikTok’s privacy policy for the US was quietly loosened on June 1 to grant the app even more functions: i.e., to “collect biometric identifiers and biometric information,” including “faceprints and voiceprints.”

The policy states that the company will seek a user’s permission to collect biometrics “where required by law.” But in the US, only the states of California, Illinois, New York, Texas, and Washington currently have biometric privacy laws, according to a TechCrunch analysis. And what kind of “permission” would be sought, anyway? Would your clicking “OK” when first installing the app qualify?

Software developers don’t usually build such data-collection features unless they’re going to be used. A fun video-sharing app shouldn’t need to compute and store your biometric identifiers. “This is probably worth paying attention to,” Schneier dryly notes.

At this writing, neither Apple nor Google has removed TikTok from its app store. And neither company has issued any statements about the controversy — not even to large mainstream media such as The New York Times, The Hollywood Reporter, and other outlets that have repeatedly sought comment.

I wonder why it took more than two years of red flags for the app giants to even think about enforcing their standards on the behemoth called TikTok. I guess Apple and Google executives want the approval of the “cool kids” — that is, whoever has the biggest app following.

Delete all TikTok content, remove your account, and uninstall the app

It’s unlikely that the security apparatus in China cares what videos an average person watches or who their friends may be. The country’s intelligence services are probably more interested in scanning for documents that reveal corporate tech secrets, Pentagon military plans, and other “big fish.”

But even if you care nothing about national security, perhaps you’d like to protect your credit-card numbers from being copied and sent to heaven-knows-where as you fill out a Web form.

To ensure you don’t have the equivalent of a keylogger sucking up every document you open and every password you type, “There’s only one thing to do,” as Albert Khoury of tech site Komando explains. “Remove TikTok from your phone immediately. Even if you don’t create content on the app, the company still collects data on you.”

Deleting TikTok
Figure 2. To eliminate TikTok and all its content from a smartphone, do the following while you’re within the app: (1) press the Profile button, (2) click the three-dot menu, (3) select “Manage my account,” and (4) select “Delete account” twice. Then long-press TikTok’s icon to uninstall the app from the context menu that opens.Source: PCMag instructions

There’s probably a different removal process for every platform and device that’s out there. But one of the best explanations I’ve seen is contained in PCMag’s instruction page. (See Figure 2.) It describes how to erase any TikTok content and expunge your account, not just how to uninstall the app. Be aware that PCMag says TikTok can require 30 days to permanently delete your personal data.

With all the problems TikTok presents, this is a case in which going cold turkey on the app’s cutesy videos is probably the best outcome you can hope for.

Talk Bubbles Do you know something that we all should know? Tell me about it!
Send your story in confidence to
Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the new fintech book Muscular Portfolios. Get his free monthly newsletter.

Refind Refind – The essence of the web,
every morning in your inbox

Tens of thousands of busy people start their day with Refind. The 7 most relevant links from around the web, tailored to you. With summaries by the authors and highlights by the community.

Here are the other stories in this week’s Plus Newsletter


Lance Whitney

Choosing the right email program

By Lance Whitney

Whether you use a Windows PC, iPhone, iPad, or Android device, there are a number of options for email clients other than the usual suspects.

The email program you use depends to a large degree on the type of device or operating system you use. On a Windows PC, you may turn to the default Windows Mail client, or to Outlook if you subscribe to Microsoft 365. Those of you who own an iPhone or iPad will likely fire up the built-in Mail app. And most Android users probably stick with Gmail. But, …


Ben Myers

Desktop computers: Re-use!

By Ben Myers

Make sure the most critical hardware works right before you go ahead.

Previously, I described the most basic steps to get a computer dirt-free and bootable, with a working power supply. These tasks established a baseline for additional work to assure that the computer is in very good operating condition for whoever is going to use it.


Susan Bradley

It’s the end of the road for Windows 8.1

By Susan Bradley

You need to start planning now.

Although Windows 8.1 may seem lost in the cobwebs of time, its small user base loved it and stuck with it. Many users, especially in business, were turned off by the tablet-first approach of Windows 8.0 and then, instead of moving to 8.1, stuck with Windows 7 and later migrated to Windows 10.

Now, however, the Microsoft axe is falling.

Know anyone who would benefit from this information? Please share!
Forward the email and encourage them to sign up via the online form — our public newsletter is free!

Enjoying the newsletter?

Become a PLUS member and get it all!

RoboForm box

Don’t miss any of our great content about Windows, Microsoft, Office, 365, PCs, hardware, software, privacy, security, safety, useful and safe freeware, important news, analysis, and Susan Bradley’s popular and sought-after patch advice.

PLUS, these exclusive benefits:

  • Every article, delivered to your inbox
  • MS-DEFCON Alerts, delivered to your inbox
  • MS-DEFCON Alerts available via TEXT message
  • Total access to the archive of nearly two decades of newsletters
  • No ads
  • Identification as a Plus member in our popular forums

We’re supported by donations — choose any amount for a one-year membership.

Join Today buttonGift Certificate button

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.