Photographer: Andrew Harrer/Bloomberg

Those who were anticipating a disruption of WeChat and TikTok got some good news over the weekend.

On Sunday, a judge in San Francisco temporarily blocked a ban on the communications and social-media app WeChat ordered Friday by President Donald Trump. A separate administration order banning the video-sharing service TikTok from app stores was delayed by a week after the Chinese owners agreed under pressure from Washington to sell an ownership stake to several U.S. companies.

But if the bans on TikTok and WeChat are reimposed, the U.S. will quickly learn that it will take more than a White House order to make them stick. And while the bans were ordered in the name of national security to block Chinese government entities from using them against Americans, they could actually create security problems of their own.

WeChat is a vital service for many Chinese-speaking Americans who keep in touch with friends and family overseas, and it’s unreasonable to expect passive compliance during a global pandemic. In the event of a ban, the apps would remain available in app stores outside the U.S. Motivated users have already begun using virtual private networks to redirect internet traffic through an international router, making it appear as though the user is accessing content from a different geographical location.

While a VPN can circumvent location-based restrictions, widespread use leads to a new set of security concerns. There are hundreds of different VPN services, and many of the free providers make money by collecting and selling data accumulated by tracking all the internet traffic that the user was trying to keep private. The most popular providers are headquartered outside of the Five Eyes surveillance alliance (Australia, Canada, New Zealand, the U.K. and the U.S.) to avoid government data requests.

It’s bad enough when big tech companies harvest sensitive information; it’s even worse if the data is held by a sketchy service provider on a foreign server. The fact that VPN servers filter private communications make them a prime target for hackers — even reputable VPN providers have been attacked.

Another possible outcome is that after an app is removed from official app stores, users will try to obtain new versions through a non-official storefront, a process known as side-loading. This presents security risks as well — both Apple and Google screen for security exploits before listing an app in their stores, but unofficial sites provide no such protections.

Epic Games learned this lesson the hard way in 2018, when the company removed the wildly popular social game Fortnite from the Google Play Store to avoid Google’s 30 percent take on app purchases. The company encouraged players to instead download it from the Epic Games website. Immediately, dozens of impostor sites sprang up offering fake apps filled with spyware.

Source link