SecureMac, Inc.

TikTok and WeChat bans on hold for now

September 23, 2020

With the United States threatening to make good on its promise to pull them from U.S. app marketplaces, popular apps TikTok and WeChat are granted a last-minute stay of execution.

TikTok and WeChat bans on hold for now

It’s been a topsy-turvy week for popular apps TikTok and WeChat, with the United States threatening to make good on its promise to pull them from U.S. app marketplaces, and both apps receiving a last-minute (and temporary) stay of execution.

Why does the US want to ban TikTok and WeChat?

TikTok is a video-sharing social media app popular with younger users, and WeChat is a messenger app with a mobile payment feature that is widely used in mainland China. So why does the U.S. government consider these two apps to be such a threat?

According to the Trump administration, the apps pose a risk to national security because of who their parent companies are: TikTok is owned by ByteDance, and WeChat is owned by Tencent. Both companies are based in China, and U.S. politicians argue that China’s own security laws could one day be used to compel them to hand over data on American users to Beijing. 

TikTok has already come under scrutiny for the way that it handles user privacy, both in the United States and Europe. WeChat, for its part, has been accused of supporting China’s domestic surveillance programs. It’s also undeniable that many large Chinese conglomerates do have close ties to the government, which worries some observers in the context of data privacy.

However, TikTok has responded to international concerns by saying that it doesn’t even store data for U.S. users in mainland China, and that it wouldn’t give the government in Beijing access to such user data even if they requested it. Meanwhile, WeChat parent company Tencent has pushed back against allegations that it violates its users’ privacy.

There is no unanimous agreement among security experts about whether or not the concerns about TikTok and WeChat are valid — or if they warrant an outright ban. But it should be noted that there has been substantial domestic and international criticism of both apps, such that the current administration’s actions shouldn’t be automatically dismissed as political posturing.

Can the government really ban apps?

The idea that the U.S. government can ban an app may surprise many people, but while the legality of this particular ban is certainly debatable, existing U.S. law does make provision for federal authorities to intervene in transactions between citizens and foreign businesses when national security is at stake.

The International Emergency Economic Powers Act (IEEPA) allows the President to regulate international commerce during times of national emergency, provided that the emergency is brought about by an external threat to the United States. Interestingly, the 1977 legislation, signed by President Carter amid tensions with Iran, was originally intended to limit the power of the executive, as the White House had previously had even broader regulatory powers.

The IEEPA was invoked in two separate executive orders issued by the Trump administration back in early August, and stated that in 45 days’ time, i.e. by September 20, U.S. companies and individuals would be prohibited from conducting “transactions” involving the two apps and their parent companies. As it turns out, this was clarified to mean, in the case of TikTok, a ban on app distribution and updates from the App Store and Google Play Store, and in the case of WeChat, a similar ban plus an additional restriction on processing mobile payments through the app’s payment feature.

Are TikTok and WeChat gone?

Just before TikTok was set to become unavailable for download in the US, it was announced that Oracle and Walmart had come to an agreement to take over some of the app’s operations in the United States as a way of allaying the government’s concerns — a compromise that the White House said it would agree to in principle. As a result, the removal of TikTok from U.S. app marketplaces has been postponed until September 27, pending the outcome of discussions over the agreement (an outcome which, it should be noted, is still very much in doubt).

If no agreement can be finalized in the coming week, TikTok will be removed from the App Store and the Google Play Store, and no further updates for the app will be available to existing users who already have it installed on their devices.

Tencent’s WeChat app has also received some help — this in the form of a judicial injunction: U.S. Magistrate Judge Laurel Beeler has blocked the WeChat executive order in response to a lawsuit filed on behalf of WeChat users in the United States, citing First Amendment concerns. The government says that it plans to challenge the injunction in court.

What app bans mean for security

If the TikTok and WeChat bans are implemented, this could have two major effects on user security.

First, it’s important to realize that an app marketplace ban won’t automatically make existing installations of the apps disappear from people’s devices. But it does mean that any user who has a banned app installed won’t be able to update it. If the app is later found to have an exploitable vulnerability, there will be no way for U.S. users to get the security patch, potentially exposing them to compromise.

Secondly, given the high-profile nature of these two apps — and the extensive public discussion about the proposed bans — it’s highly likely that any permanent ban will result in opportunistic hackers using the situation for social engineering attacks. This may take the form of phishing links that offer phony “updates” for the apps, but that actually link to malicious content. Perhaps even more worryingly, we may start to see fake TikTok or WeChat apps that are actually malware. Security researchers have already discovered one such fraudulent app calling itself “TikTok Pro” — which has no relation to the actual TikTok app and is in fact spyware for Android devices.

If the bans do move forward, people with existing app installations should be aware of the risk that they are taking by using apps that can’t be updated. And all users should be on the lookout for phishing attacks and scams related to TikTok or WeChat.

What’s next for TikTok and WeChat?

As mentioned above, TikTok’s reprieve only lasts until September 27, at which time the app will become unavailable for new downloads or updates in the US if no alternative arrangement has been finalized. The ultimate decision on whether or not to allow the WeChat executive order to stand will have to be settled by the courts. We’ll be sure to update you on any important developments to this story, either on this page or via social media.

Join our mailing list for the latest security news and deals