Another Kiwi company calls for clampdown on TikTok and its data harvesting

Engagement with the app can also reveal sensitive information, CyberCX said.
Engagement with the app can also reveal sensitive information, CyberCX said. Photo credit: Getty Images

Another cybersecurity business in Aotearoa has called for cyberwatchogs and the Government to increase their scrutiny of the social media app TikTok.

CyberCX, which has over 1100 professionals across 20 locations in New Zealand and Australia, is worried about the privacy of Kiwis' data amid global concerns regarding what the Chinese government can access on the platform.

According to the company, TikTok has an estimated 1.4 million users aged 18 and above in New Zealand. 

It comes just weeks after Kiwi CEO Alex Ford, founder and CEO of Socialike, told Newshub the app should be removed from Google and Apple's app stores amid concerns over data security.

When installed the app has access to a wide range of personal information, including phone and location data, contacts and messages, search history and keystroke patterns. 

Engagement with the app can also reveal sensitive information, like political preferences, according to CyberCX.

The app is owned by ByteDance, a privately owned company, but for security reasons the Chinese government is able to legally access data stored by Chinese companies.

Katherine Mansted, director cyber intelligence and public policy at CyberCX, said users of all social media platforms, including TikTok, are likely revealing significantly more data than they realise.

“Unfortunately, like many social media companies, TikTok is cagey about the information it collects about its New Zealand users and who can access it," she said.

"This should be of huge concern to the government and cyber watchdogs. In this case, we should be especially worried about any access the Chinese government has to this data and how it could misuse it.

"The Chinese government's approach to privacy and human rights is fundamentally different to that of the New Zealand government, or indeed any other democracy," she said.

"The Chinese Communist Party has form when it comes to hoovering up Kiwis' information. TikTok needs to come clean about how it collects and protects New Zealanders' data."

Earlier this week TikTok joined the likes of Meta, Google, Amazon and Twitter by signing the Aotearoa New Zealand Code of Practice for Online Safety and Harms, which obligates them to actively reduce harmful content on their platforms.

However that doesn't address the data management, particularly for data held overseas. That recently became an issue when TikTok revealed data about US citizens was accessible to the Chinese government.

That led US Federal Communications Commission (FCC) chief Brendan Carr to describe the platform as a wolf in sheep's clothing.

Adam Boileau, executive director of security testing and assurance at CyberCX New Zealand, said while other major platforms hold the same data, there is a better idea about how it is used and protected.

"Users are essentially having to put their trust into the assurances coming from TikTok - which is one percent owned by the Chinese Communist Party - that there are ‘robust cybersecurity controls' in place," he said.

"We only have to look at the recent revelations that Chinese hackers targeted US journalists in the days leading up to the January 6 insurrection to understand the risks New Zealand could be exposed to."

At the time of the revelation about US data being accessible in China, a TikTok spokeswoman said that access could only be granted on an "as-needed basis" and under "strict controls".