US TikTok ban: Lessons in mobile app compliance

The US could ban TikTok, bringing mobile app data security regulations into sharp focus for organizations around the world.

The US government has banned TikTok amid data security concerns. Worries that the Chinese government could use TikTok to access sensitive data, at a time of heightened tensions between China and the US, have driven the ban. And it’s worth noting that Trump tried to ban TikTok too, so this isn’t an administration issue either.

But why should this matter to you? Your app is highly unlikely to be a tool of a foreign government. However, it does spotlight the growing trend towards stricter data privacy and security regulations around the globe. With both governments and end-users paying more attention to data, you should, too.

 Secure apps are, for the most part, compliant apps. If you’re just getting started with mobile app compliance, download our guide to the OWASP Top 10 and app shielding to jump-start your app’s security.

The US TikTok ban explained

Congress has approved a bill to ban TikTok in the US unless its Beijing-based parent company, ByteDance, sells the organization to an approved buyer. ByteDance has nine months to find that buyer and 90 extra days if the sale is close to completion near the deadline. Of course, in reality, it’ll take much longer than that, as ByteDance will likely drag proceedings out in court. 

What does all this mean? Well, if TikTok is banned, individual cellular providers must restrict TikTok. So it’ll be illegal for them (or web-hosting companies) to support the app, and any that don't comply will be fined.

While the TikTok ban is certainly somewhat of a novel case, it also represents a wider trend. Governments are simply taking data more seriously. Take the EU’s General Data Protection Regulation (GDPR) for example. Failure to comply could result in consequences ranging from massive fines to temporary (or permanent) bans. And you’d best believe they’re enforcing it — mobile messaging app WhatsApp was fined €225m, not all that long ago for breaching privacy regulations. 

Likewise in India, a lack of compliance with the Digital Personal Data Protection Act (DPDP) can result in fines of up to INR250 crores (approximately US $25 million). The point being, no matter where in the world your app is used and registered, you need to stay on your toes when it comes to regulation.

But it’s not just about dodging fines, compliance comes with perks too.

Opportunities for data-compliant apps 

Consumer data security isn’t an abstract issue for end users. Consumers care. In fact, data security is their number one concern. According to Forbes, 86% of Americans are more concerned about their privacy and data security than the state of the US economy. And yet, worryingly, 66% are misinformed about how their data is being used. Even the most unlikely apps are treasure troves for valuable data — think dating and gaming apps. 

So, if you can prove your app is not only compliant but also goes above and beyond to protect consumer data and is transparent about data usage, you’re more likely to be the app of choice. By going beyond compliance and striving for ethical data use, you can beat your competitors and earn customer trust. 

But this isn’t reinventing the wheel by any stretch of the imagination — apps the world over are already leveraging security as a unique selling proposition. Some app developers even allude to their data privacy and protection measures in their key messaging, for example:

• Signal is marketed as the benchmark for encrypted messaging apps. Often considered more secure than Facebook’s WhatsApp, it’s the choice app for privacy-minded consumers.
• Keepsafe, Google’s private photo vault, boasts “military-grade encryption”.
• Evernote makes a point to highlight the data encryption measures that secure user notes.
  

The takeaway? A demonstrable commitment to data security and transparency is fundamental to attracting and retaining more customers. Case in point: When considering which brands to trust, finding a brand that “respects and protects customers' data, privacy, and security” was ranked the most important factor, according to a recent survey by Marketing Charts. It was even ranked above “is it good value for the price?”

How to navigate mobile app compliance

As we’ve mentioned, the TikTok case is framed in a political context, so it’s undoubtedly an outlier. But the trend towards stricter data regulations is only set to increase, and authorities around the world will continue to introduce and enforce data protection laws. So here are a few tips to help your app stay compliant:

1. Stay informed
   1. Regularly review and update your knowledge of data protection regulations such as the GDPR, CCPA, HIPAA, and other relevant laws. 
      
   2. Subscribe to legal and regulatory updates from reliable sources to stay on top of any changes or new regulations.
      
2. Implement strong data encryption
   
   1. Use robust encryption methods for data at rest and in transit to protect sensitive information from unauthorized access. 
      
   2. Ensure encryption keys are securely managed and updated regularly.
      
3. Conduct regular security audits
   
   1. Perform regular security audits and vulnerability assessments to identify and mitigate potential security risks. 
      
   2. Implement automated monitoring tools to continuously track and report security incidents or breaches.
      
4. Develop and enforce security policies
   
   1. Establish comprehensive security policies and procedures that outline how data should be handled, stored, and protected. 
      
   2. Train employees on these policies and conduct regular training sessions to keep them updated on best practices and new threats.
      
5. Ensure secure development practices
   
   1. Adopt secure coding practices, such as input validation, secure authentication, and authorization mechanisms. 
      
   2. Use code analysis tools to detect and fix security vulnerabilities during the development process. 
      
   3. Implement a secure development lifecycle (SDL) that integrates security at every stage of app development.
      

Of course, those are just the basics. Choosing a mobile app security solution can introduce multi-layered security that helps your app meet the technical compliance requirements we’re seeing more of today.

You can’t have mobile app compliance without security. Make sure you have a secure foundation — download our guide to the OWASP Top 10 and app shielding.