Canary Trap is a platform for investigative and in-depth information related to security, intelligence, politics, media, history, and tech.

BY VK SHASHIKUMAR

ByteDance just leapt out of China’s opaque technology sector without any background story. This tech company from Beijing just arrived from nowhere with an appealing short video app, TikTok — known in China as Douyin.

Radii, an online “guide to culture, innovation, and life in today’s China” recently reported: “TikTok’s wild success overseas has brought its parent company increased scrutiny and fueled major controversy over security issues.”

Founded by Zhang Yiming (36 yrs), a software engineer from southeast China’s Fujian province, “TikTok has become one of the most prolific and disruptive social media applications ever, a haven for young people to express themselves through makeup tutorials, dance challenges, and ten-second pranks. And a major source of concern for parents and politicians. The app boasts an ever-growing user base of over 1 billion worldwide, and is now the most downloaded non-gaming app on the iOS app store according to Sensor Tower.”

In 2017, ByteDance acquired US lip-syncing platform Musical.ly for 1 billion USD, integrated an adaptation of the algorithm of it’s artificial intelligence powered news app Jinri Toutiao, and launched TikTok. By end of 2019 TikTok’s success propelled ByteDance to dislodge Baidu as the second largest digital ad player behind Alibaba, capturing 23% (7 billion USD) of all digital advertising revenue in China. “Globally, their user base more than doubles that of both Sina Weibo and Tencent’s messaging-and-more super app WeChat. The company is also backed by several major hedge funds, including KKR, Sequoia Capital and SoftBank Japan, and is currently valued at 78 billion USD.”

In September 2019, an investigation by Guardian revealed documents that showed how TikTok was helping promote China’s foreign policy aims. “The popular Chinese-owned social network, instructs its moderators to censor videos that mention Tiananmen Square, Tibetan independence, or the banned religious group Falun Gong, according to leaked documents detailing the site’s moderation guidelines”.

“The documents, revealed by the Guardian for the first time, lay out how ByteDance, the Beijing-headquartered technology company that owns TikTok, is advancing Chinese foreign policy aims abroad through the app. The revelations come amid rising suspicion that discussion of the Hong Kong protests on TikTok is being censored for political reasons: a Washington Post report earlier this month noted that a search on the site for the city-state revealed “barely a hint of unrest in sight”.”

“The guidelines divide banned material into two categories: some content is marked as a “violation”, which sees it deleted from the site entirely, and can lead to a user being banned from the service. But lesser infringements are marked as “visible to self”, which leaves the content up but limits its distribution through TikTok’s algorithmically-curated feed.”

Two months after the Guardian revelations, Reuters reported in November 2019 that “the U.S. government has launched a national security review of TikTok owner Beijing ByteDance Technology Co’s $1 billion acquisition of U.S. social media app Musical.ly. U.S. lawmakers have been calling in recent weeks for a national security probe into TikTok, concerned the Chinese company may be censoring politically sensitive content, and raising questions about how it stores personal data.”

Given that about 60% of TikTok’s 26.5 million monthly active users in the United States are between the ages of 16 and 24, the probe by the Committee on Foreign Investment in the United States (CFIUS) is much awaited. In response to global concerns and investigations into TikTok, the company release its first Transparency Report on December 30, 2019: “To foster candid dialogue essential to earning and maintaining trust, we’re releasing our first Transparency Report this year to show how we responsibly engage with government bodies in the markets where TikTok operates. In this report, users will find details pertaining to how we’ve responded to legal requests related to content and account information from January 1 – June 30, 2019.”

On March 4 2020, just as the Covid19 pandemic was on the verge of shutting down the world, ByteDance launched its long-awaited music streaming app Resso. Initially launched only in India, the product was billed as the “world’s first social music streaming app,” and attempts to merge many of the social features familiar to TikTok users with back catalogues from some of the music industry’s biggest players – Sony Music Entertainment, Warner Music Group, Merlin and Beggars Group, T-Series, Saregama, Zee Music, YRF Music, Times Music, Tips, Venus, Shemaroo and regional majors such as – Speed Records, Anand Audio, Lahiri Music, Divo, Muzik 247.

Hari Nair, Head of Music Content & Partnership, Resso India, said, “Our brand philosophy is extremely unique and we believe that an offering such as ours doesn’t exist in the market. Our philosophy is to allow our users to interact through our platform with music and artists – an unparalleled social streaming experience. We understand our audience and know what they want, and our app gives them the platform to use music as a medium to connect.”

“India has the largest number of GenZ and Resso has been developed as a response to an emerging user trend rooted in the willingness to share music. It is the world’s first social music streaming app and offers an experience that allows users to connect with like-minded individuals, engage and express through music; a first in the music streaming industry. It is designed to revolutionize how music is consumed by filling the longstanding gap between music streaming and social networking.” But despite all the fanfare, there are some notable omissions in the app’s music library. Missing from the list is Universal — the same Universal that is now 10% owned by ByteDance’s rival Tencent, the makers of WeChat.

Irrespective of the intense competition amongst China’s powerful BBAT companies – ByteDance, Baidu, Alibaba and Tencent – the alarm in the strategic affairs circles in New Delhi is over the common intent of these Chinese firms – winning over the hearts and minds of India’s Gen Z and aligning them to Chinese values and foreign policy goals.

The settling down of Chinese soft power in India’s Gen Z could allow China to tremendous strategic advantage vis-à-vis India because the connections between China’s ‘private sector’ and the People’s Liberation Army of China and the Communist Party of China is well established. There is a symbiotic relationship between the Chinese security and political establishment with China’s BBAT, which guide strategic domestic and overseas investments.

The concerns regarding Chinese emphasis on technology related investments in India is captured by a report published by Gateway House in February.

Excerpts:

“These investments in India need to be viewed with caution, considering the increased penetration of smartphones and apps, like TikTok, especially in the country’s Tier-II and Tier-III cities, such as Guwahati and Raipur. The potential to influence Indian minds is massive. By 2024, India’s smartphone users are expected to double to 1.25 billion from 610 million in 2018.9 Chinese smartphone manufacturers in India already have a 66% share of the smartphone market as of the first quarter of 2019. That’s hardware.”

“As for software – and soft power – the increase in smartphones in India has been accompanied by the rise in the use of smartphone apps. According to App Annie’s The State of Mobile in 2019 report, India saw a 165% increase in app store downloads between 2016 and 2018. A full 50% of top app downloads (combined iOS and Google Play Downloads) in India in 2018 were those with Chinese investments, such as UC Browser, SHAREit, TikTok, and Vigo Video, among others. Such Chinese apps harvest more than normal amounts of data, as compared to other social media apps, thereby posing security concerns for India. As more young Indians turn into first-time smartphone users, their affordability and data packages will entice them into making frequent use of online services, unaware of the security risks to their data while using the extremely popular Chinese apps”.

Apps: A substantial 50% of top app downloads (combined iOS and Google Play Downloads) in India in 2018 included apps with Chinese investments, such as Universal Control Browser (UC Browser), SHAREit, TikTok, Vigo Video, etc. These apps are owned respectively by the Singapore and China mobile-based internet company, Alibaba Group; SHAREit Technologies Co Ltd and ByteDance (TikTok and Vigo Video), which are all multi-billion-dollar global players, alleged to have deep ties with the Chinese government.

Browsers: UC Browser, owned by Alibaba, has penetrated the Indian market through a series of significant investments, including via Paytm and its parent company; One97 Communications Limited; and Snapdeal, owned by Jasper Infotech Pvt. Ltd. As of October 2019, UC Browser has a sizeable market share of 17.09% in the mobile browser market space in India and also leads the mobile phone segment in India with 21.38% market share. Its competitor is Chrome, with a 69.35% market share. UC Browser has recently made a strategic shift from a tool-based product to a content player in India, with dedicated channels, hosting short-form content, including videos, with segments on sports, technology, news, fashion, etc.

Streaming services: In 2018, China’s internet behemoth, Tencent, made an investment of $115 million in India-based music streaming service, Gaana, founded in 2010 by Times Media/Times Internet. Indian fintech unicorn Paytm, in which Alibaba invested $575 million and which runs an e-commerce marketplace, Paytm Mall, in India, and Tencent invested $110 million in the OTT platform MX Player, a video player developed by South Korea-based company, J2 Interactive, which was acquired by Times Internet for $144 million in 2018. In April 2016, Chinese smartphone maker, Xiaomi Inc, invested $25 million in Indian digital media firm, Hungama Digital Media Entertainment.

Access to data

India is one of the largest and fastest-growing markets for digital consumers, with 560 million internet subscribers in 2018: this is second only to China. As with the global controversy generated by China’s 5G investments, Chinese investment in India’s digital sector also has data security implications in the following ways:

Data: Chinese apps represent a challenge to the user’s data security as they require vast amounts of personal data; this is usually a bare minimum to provide users access to their interface. A study conducted by Arrka Consulting in India shows that Chinese apps in India ask for 45% more permissions than the number of permissions requested by the top 50 global apps. At least six of the 10 most popular Chinese apps, including Helo and SHAREit, as well as browsers such as UC Browser, ask users to provide unnecessary access to camera and microphones on their smartphones. Such apps collect large amounts of personal data from users such as location, profession, friend lists, friends’ interests, cell-phone number and photo interest as a bare minimum, thereby stoking privacy concerns in app users. Deactivation of a user’s account does not result in data being returned to the user or it being deleted from the app’s server. In fact, these details are often shared with third parties.

Malware: Chinese apps have always raised suspicions about cyber espionage attempts and security risks in India. The Ministry of Electronics and Information Technology reportedly sent notices to TikTok, Bytedance and Helo apps, seeking a response to its data privacy concerns about these apps being used to commit unlawful activities, such as storing users’ data and creating a hub for anti-national activities, such as communal disharmony. In 2017, out of 42 mobile applications, UC Browser, SHAREit, UC News, and others listed by the Ministry of Home Affairs, are claimed to have the potential to carry out a cyber-attack against the country.

Search services: UC Browser is the second most utilised browser in India after Chrome, with an estimated market share of 17.09% and a user base of more than 300 million. According to a 2015 report by the University of Toronto, Alibaba’s UC Browser has “several major privacy and security vulnerabilities that would seriously expose users of UC Browser to surveillance and other privacy violations”.

“TikTok’s parent company, ByteDance, has recently launched a new search portal, Toutiao Search, showing results from the web as well as its own platforms. Given the digital boom in India and the estimated 300 million monthly active users in India that ByteDance has across TikTok, Vigo Video and Helo, ByteDance may potentially venture into the search business in India as well.”

“India’s regulatory authorities need to frame policies with an understanding of the immediate security, technological and geo-economic aspects to China’s expansion. Given China’s established practices of cyber espionage and hacking, it is not unreal to envision a scenario in 2022, where the market share of smartphones of the top three Chinese companies in India is 48.54%, with increasing penetration and cheap data having reached the sensitive border states of India.”

Reports in the media, without clear attribution or naming of government officials, suggest that Government of India is “rethinking” its policy towards Chinese investments in India. The delay in clearly enunciating a clear policy on investments from China and putting in place a law like European Union’s General Data Protection Regulation is inexplicable. Probably, inexcusable, as well.

(VK Shashikumar is an investigative journalist and a strategist. The opinions expressed by the author and those providing comments are theirs alone, and do not reflect the opinions of Canary Trap or any employee thereof)

Note: We thank the authors of the Gateway House Report, February 2020 – Amit Bhadari, Blaise Fernandes, Aashna Agarwal – for their research on Chinese investments in India. This article has relied extensively on their research and has quoted significant portions of the article.

(Photo Courtesy: https://trident7.com)