• by Wendy Davis  @wendyndavis, November 4, 2022

Google and Apple are facing new questions from Congress over policies regarding TikTok and other downloadable apps that could pose privacy threats.

“We write to express our serious concern for consumer safety and data privacy related to Google’s approval of multiple applications into its Play Store with the potential to secretly monitor users, collect sensitive personal information, and share such information with foreign entities,” Reps. Jan Schakowsky (D-Illinois) and Gus Bilirakis (R-Florida) say in a letter sent Wednesday to Google CEO Sundar Pichai. “Google’s failure to implement rigorous application scrutiny makes Americans vulnerable to foreign surveillance, particularly from adversarial actors like China.”

The lawmakers sent a similar letter to Apple CEO Tim Cook.

They are asking both companies whether they plan to remove TikTok (and other potential privacy threats) from their app stores.

Schakowsky and Bilirakis reference research by security expert Felix Krause, who reported recently that TikTok's app for Apple devices opens links in an in-app browser that injects keystroke logging code into outside websites. That code allows TikTok to observe everything users' type into their devices. (TikTok reportedly confirmed that it injects the code, but denied logging keystrokes.)

Krause additionally reported that three Meta Platforms' apps (Facebook, Instagram and Messenger) also open links in in-app browsers that inject tracking code capable. Meta reportedly told Krause that the injected code helps the company aggregate events such as online purchases.

While the lawmakers reference the Meta Platforms' apps, the letters mainly focus on TikTok, owned by Chinese parent company ByteDance.

“The research demonstrated how TikTok’s in-app browser injected code to observe all taps and keyboard inputs, which can include passwords and credit card information,” the lawmakers write, referring to Krause's report.

“Turning a blind eye to an application that permits such surveillance endangers Americans, specifically the overwhelming number of teenagers that use TikTok and may be more susceptible to manipulation or negative social, emotional, and developmental impacts,” the pair add.

Schakowsky and Bilirakis are now asking Google and Apple to answer questions about their app store policies, including whether apps with “cross-border data transfers to U.S. adversaries” threaten users' safety and data security.

They also ask whether apps with in-app browsers are flagged for review, and whether applications are required to disclose cross-border data transfers, among other questions. 

The lawmakers are requesting answers from Google and Apple by November 30.

TikTok has been under intensifying scrutiny since June, when BuzzFeed reported that the company shares data with employees based in China, in apparent violation of earlier representations.

Soon after that report came out, Federal Communications Commissioner Brendan Carr called for Google and Apple to remove TikTok from their app stores. Carr more recently added that he would like to see the Council on Foreign Investment in the U.S. to ban the app.

In July, Senators Mark Warner (D-Virginia) and Marco Rubio (R-Florida) urged the Federal Trade Commission to investigate TikTok over reports that employees in China accessed data about U.S. users of the service.