TikTok is being targeted by governors and U.S. lawmakers who say the Chinese-owned company is a cybersecurity risk. On Friday, Virginia's Glenn Youngkin became the latest governor to ban the popular app on state-issued devices.
"TikTok and WeChat data are a channel to the Chinese Communist Party, and their continued presence represents a threat to national security, the intelligence community, and the personal privacy of every single American," Youngkin, a Republican, said in a statement Friday announcing the ban, which also includes the Chinese-owned WeChat instant messaging app.
On Wednesday, the U.S. Senate unanimously approved a bill that would ban the wildly popular social media app from devices issued by federal agencies.
Several other Republican governors have ordered their agencies not to use the app on state-issued devices. Earlier this week, Alabama, Georgia, Idaho, New Hampshire, North Dakota, and Utah joined other states — including Texas, Maryland, South Dakota, South Carolina and Nebraska — in issuing such bans.
The video-sharing app, owned by the Chinese company ByteDance, rose to popularity after it debuted in 2016.
But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray raised eyebrows after he told lawmakers that the app could be used to control users' devices.
Citing national security concerns, governors from a handful of states are prohibiting state employees from using the app on government-issued devices.
"Protecting Alabamians' right to privacy is a must, and I surely don't take a security threat from China lightly," Alabama Gov. Kay Ivey tweeted after announcing a ban on TikTok for state agencies on Monday. "That's why I have banned the use of the TikTok app on our state devices and network."
After enacting a similar measure that same day, Utah Gov. Spencer Cox echoed the same concerns over data privacy.
"Our administration takes security threats by China and China-based entities seriously," Cox said on Twitter. "This is why we're banning TikTok on all state-owned devices effective immediately."
The app is already banned from devices issued by the U.S. military.
Sen. Josh Hawley, R-Mo., sponsor of the Senate bill to bar the app from most federal agency devices, said in a statement that TikTok is "a major security risk to the United States, and until it is forced to sever ties with China completely, it has no place on government devices."
The Senate-passed bill would provide exceptions for "law enforcement activities, national security interests and activities, and security researchers."
Republican Sen. Marco Rubio of Florida is heading a bipartisan effort to ban TikTok outright. The proposed legislation would "block and prohibit" qualifying social media companies belonging to a "country of concern" — China, Russia, Iran, North Korea, Cuba and Venezuela.
Officials and advocates of this kind of legislation are fearful of how a foreign-owned social media entity could influence American politics.
"[TikTok] has the capability to collect massive amounts of data on our citizens," Marc Berkman, CEO of the Organization for Social Media Safety, told NPR. "Because it's owned by China, there is certainly the potential — and it's unclear whether this is happening currently — but there's certainly the ongoing potential that that data is shared by the Chinese government."
Berkman said that foreign-owned technology also runs the risk of "impacting our elections via propaganda and misinformation."
But while legislators are working to limit TikTok, Berkman acknowledges how difficult it would be to get users off the app. Last year, the app reported that more than a billion users flock to its site each month.
"There's just too many people on it," Berkman said. "And there's a significant commercial interest there to maintain those users and the services."
NPR reached out to TikTok for comment but the company did not respond before publication.
TikTok has said that it stores U.S. user data within the U.S. and does not comply with Chinese government content moderation requirements. But in July it acknowledged that non-U.S. employees did in fact have access to U.S. user data.