It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.

But it is also clear that TikTok’s pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. user data – just some of which is detailed below – puts it out of compliance  with the policies that both of your companies require every app to adhere to as a condition of remaining available on your app stores.

Therefore, I am requesting that you apply the plain text of your app store policies to TikTok and remove it from your app stores for failure to abide by those terms.

At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.

Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints – which researchers have said might be used in unrelated facial recognition technology – and voiceprints.

It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. The list of personal and sensitive data it collects goes on from there.

This should come as no surprise, however. Within its own borders, the PRC has developed some of the most invasive and omnipresent surveillance capabilities in the world to maintain authoritarian control.

• In August 2020, TikTok circumvented a privacy safeguard in Google’s Android operating system to obtain data that allowed it to track users online.
• In March 2020, researchers discovered that TikTok, through its app in the Apple App Store, was accessing users’ most sensitive data, including passwords, cryptocurrency wallet addresses, and personal messages.
• In 2021, TikTok agreed to pay $92 million to settle lawsuits alleging that the app “clandestinely vacuumed up and transferred to servers in China (and to other servers accessible from within China) vast quantities of private and personally identifiable user data and content that could be employed to identify, profile, and track the physical and digital location and activities of United States users now and in the future.”
• In March 2022, a report included current and former TikTok employees stating in interviews that TikTok delegates key decisions to ByteDance officials in Beijing and that an employee was asked to enter sensitive information into a.cn domain, which is the top-level domain operated by the Chinese government’s Ministry of Industry and Information Technology.
• Earlier, in 2019, TikTok paid $5.7 million to settle Federal Trade Commission allegations that its predecessor app illegally collected personal data on children under the age of 13.
• India- the world’s largest democracy–has already banned TikTok on national security grounds for stealing and surreptitiously transmitting user data in an unauthorized manner.
• Multiple U.S. military branches have also banned TikTok from government-issued devices due to national security risks, including the Navy, Army, Air Force, Coast Guard, and Marine Corps.
• U.S. government officials have also urged troops and their dependents to erase the app from their personal phones.
• U.S. national security agencies have similarly banned TikTok from official devices citing national security risks, including the Department of Defense, Department of Homeland Security, and the TSA.
• The RNC and DNC have warned campaigns about using TikTok based on security concerns and the threat of officials in Beijing accessing sensitive data.
• Citing data security concerns, private U.S. business operations have also banned TikTok from company devices, including Wells Fargo.
• Once accessed by personnel in Beijing, there is no check on the CCP using the extensive, private, and sensitive data about U.S. users for espionage activities because compliance with the PC’s 2017 National Intelligence law is mandatory in China.