In the letter, Carr said that TikTok “harvests swaths of sensitive data that new reports show are being accessed in Beijing”.
“As you know TikTok is an app that is available to millions of Americans through your app stores, and it collects vast troves of sensitive data about those US users,” he wrote to Apple CEO Tim Cook and Google CEO Sundar Pichai.
“TikTok is owned by Beijing-based ByteDance — an organisation that is beholden to the Communist Party of China and required by the Chinese law to comply with PRC’s surveillance demands,” Carr said in the letter.
Last week, BuzzFeed News reported that China-based employees of internet giant ByteDance have repeatedly accessed data about US TikTok users.
The report cited leaked audio from more than 80 internal TikTok (owned by ByteDance) meetings, engineers in China had access to US data between September 2021 and January 2022.
“It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data,” said Carr.
Apple and Google were yet to react to Carr’s letter.
TikTok’s user data practices have come under suspicion many times.
Reacting to the latest controversy, a TikTok spokesperson had said that the company aims to remove any doubt about the security of US user data.
“That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses,” the spokesperson was quoted as saying in reports.
In 2020, India banned TikTok over national security concerns, and both former President Donald Trump and the current president Joe Biden have raised questions about the short video app’s relations with China and how it affects US users’ data.
India had banned the short-video making app, along with several other Chinese-owned apps, citing national security concerns.
TikTok recently said it has moved US users’ data to Oracle servers within the country.
In a blog post, the company said it has “changed the default storage location of US user data” to Oracle and that “100 per cent of US user traffic” is now hosted by the cloud provider.