Why the TikTok Ban Would Have Been a Cybersecurity Nightmare


TikTok and WeChat are still available in mobile app stores, despite a threatened ban by executive order, and for that President Trump should be thankful. The fallout on the cybersecurity front would have been considerable.

While the Google and Apple app stores would no longer have offered the apps, users who had already downloaded them would still have been able to use them. Much as a book injunction can force booksellers to return distributed copies of a banned book to the publisher, Apple and Google can make these apps disappear. They were not ordered to do that. This serves as a great illustration of the unintended cyber risks that attend seemingly unrelated decisions.

With a ban in place, TikTok and WeChat users in the U.S. would no longer be supported. In the event of a newly discovered security vulnerability, there would be no patch. The potential ramifications for security would have been enormous. TikTok has an estimated 100 million users in the U.S. alone. WeChat has 19 million.

Security vulnerabilities are discovered every day. Technology companies play a constant game of catch-up with hackers seeking to exploit even relatively minor opportunities. Most software companies are willing to pay white hat hackers to ferret out these vulnerabilities before cybercriminals do. In June, the company that owns and maintains both TikTok and WeChat allocated $140,000 for so-called “bug bounties.” Bounty hunters find bugs all the time, and they are patched all the time.

One hundred million unpatched TikTok users would make a very compelling target for black hat hackers. The unpatched users that would have been created by the President’s ban might have derived a modicum of safety from the numbers game of being one in 100 million, but they would have represented so many open doors that couldn’t be closed.

Typically, when a software company discovers a vulnerability, it simultaneously issues a software update to fix it. At the same time, hackers try to exploit their newfound opportunity before users install the patch that removes the vulnerability. This is why cybersecurity experts are always beating the drum: update, install, repeat.

The threat wouldn’t have been confined to TikTok and WeChat’s user bases. We’ve seen time and again that some of the largest and most egregious data breaches typically start with a single compromise, be it a careless click on an email attachment, a malware-ridden USB drive, or a personal device running outdated software. A single mobile device that has either app installed on it and a known vulnerability represents a massive liability.

While there are valid reasons to be concerned about the data accumulated and shared by TikTok and WeChat, banning them ultimately amounts to little more than security theater. As we’ve seen on the West Coast, symbolism can start forest fires. It can spark civil unrest, too. Political theater has its place in an election year, but it should not be staged at the cost of our safety.




Founder, CyberScout. Co-founder, Credit.com.

Adam Levin
