Power

These ByteDance apps stored US user data in China – at least until they started to disappear

TikTok may keep U.S. user data out of China, but other ByteDance apps downloaded hundreds of thousands of times in the U.S. play by a different set of rules.

These ByteDance apps stored US user data in China – at least until they started to disappear

ByteDance has several apps with U.S. users that have been storing data in China, according to their privacy policies.

Getty Images

Over the last year, TikTok's leaders have repeatedly sworn both in court and in the court of public opinion that they don't share any U.S. user data with China, where their parent company, ByteDance, is based.

But the same can't be said for several other ByteDance apps, which also have a sizable audience in the United States and abroad.

While none is as popular in the U.S. as TikTok, a Protocol investigation found that some of ByteDance's most popular apps in China, including Xigua and Toutiao, appear to have been downloaded hundreds of thousands of times in the United States. And as their privacy policies clearly state — albeit in Chinese — all of the data collected from those apps is stored in China.

According to SensorTower estimates, Xigua, a YouTube-like video streaming app, has been downloaded some 296,000 times across the Apple App Store and the Google Play Store in the U.S., while Toutiao, a news aggregation app, has been installed at least 808,000 times from the two U.S. app stores.

SensorTower's data indicates those downloads ended abruptly the week of Oct. 5, suggesting both apps were removed from U.S. app stores around that time, just as the Trump administration was pressuring ByteDance to cut ties with TikTok and sell it to a U.S. company. On Oct. 11, SensorTower's data suggests the apps were also pulled from most app stores in Europe. Now, neither app is available on app stores in the U.S. or most of the E.U. Removing an app from stores, however, does not remove it from users' phones.

Another app, GoGoKid, disappeared from the U.S. Apple App Store Thursday after Protocol asked ByteDance about the app's privacy policy, which had stated data was stored in China.

ByteDance would not confirm the download numbers or provide any of its own. In a statement, a ByteDance spokesperson said: "Toutiao and Xigua are designed for the Chinese market and are only available in Chinese. Accordingly we made a business decision to discontinue offering them in markets like the US, rather than devoting additional resources to them."

The spokesperson did not answer direct questions from Protocol about whether those apps had been storing U.S. users' data in China, as their privacy policies indicate. The spokesperson also didn't answer a question about whether U.S. users who previously downloaded these apps would be able to receive security updates and patches now that they're no longer on the app stores.

The other ByteDance app, GoGoKid, matches teachers in the U.S. and Canada with Chinese students who want to learn English. The privacy policy for GoGoKid's U.S. teacher portal says only that data may be moved outside of the country. But for Canadian teachers, the policy stipulates that data may be transferred and processed "in jurisdictions where our affiliates or service providers are located, including Singapore, China and the United States."

The privacy policy for the U.S. iPad app for students, meanwhile, was different. As of Wednesday, it stated in Chinese, "We store your personal information collected within the territory of the People's Republic of China in accordance with the provisions of laws and regulations." It is no longer available in the U.S. App Store.

In response to questions about where GoGoKid's U.S. user data is stored, another ByteDance spokesperson said, "GoGoKid is focused on giving students in the Chinese market the opportunity to learn English, and it is only available for students in Chinese." That doesn't account for the many American and Canadian teachers on the platform who are also GoGoKid users. GoGoKid's own website features testimonials from several non-Chinese teachers.

The spokesperson downplayed the app's traction in the U.S., saying GoGoKid "has only been downloaded around 1,000 times in the U.S. market," but didn't specify whether that number referred to the student app, the teacher portal or both. Data on U.S. downloads of the app among teachers is hard to come by, and SensorTower doesn't track it, but one GoGoKid Teachers Facebook group alone has more than 5,000 members.

At no point did ByteDance deny that these apps stored U.S. user data in China.

These data storage arrangements for Xigua, Toutiao and GoGoKid raise questions about why ByteDance hasn't walled off U.S. user data for those apps in the same way it's done for TikTok. Neither the White House nor the Department of Commerce, which have both issued orders related to TikTok this year, responded to Protocol's request for comment.

In sworn testimony as part of TikTok's legal battles against the Trump administration this year, the company's chief security officer, Roland Cloutier, described at length the difference between TikTok's tech stack and that of its Chinese counterpart, Douyin. Cloutier wrote that the "source code and user data for TikTok are maintained separately from the source code and user data for Douyin (and other ByteDance products)." Cloutier went on to state that TikTok "would not comply with a request for U.S. user data from the Chinese government."

That argument, it seems, has been compelling in court, where TikTok has been winning case after case against the Trump administration's attempts to ban the app under the guise of a national security emergency. But while TikTok was carefully spinning off its own servers for U.S. users, ByteDance appears to have taken no such precautions with its other apps.

ByteDance's acquisition of the app that predated TikTok, called Musical.ly, was the subject of an investigation by the Committee on Foreign Investment in the United States, which vets foreign acquisitions of U.S. companies. But both Toutiao and Xigua are homegrown Chinese apps that just happen to have U.S. users, which would place them outside of the purview of CFIUS, said Shannon Reaves, special counsel at the law firm Stroock, who specializes in CFIUS reviews.

"The establishment of that entity and its operation is not subject to CFIUS review," Reaves said, adding, "[CFIUS] could certainly look at that to inform their views about the TikTok acquisition and what they think might happen with the data from TikTok."

The Trump administration was under no such constraints, however, and tried (unsuccessfully) to to ban all transactions with ByteDance through executive order. The order paid particular attention to TikTok, and a subsequent directive from the Commerce Department specifically prohibited TikTok (again, unsuccessfully) from operating in the U.S. after a certain date. But neither order made any mention of these apps.

There are differences of course, between TikTok and Xigua or Toutiao. For one thing, TikTok has tremendous scale in the U.S.; recent court filings revealed that the company has 100 million monthly active U.S. users. SensorTower's data suggests Toutiao and Xigua combined have only around 1 million users in the U.S. And while TikTok is clearly marketed directly to Americans, complete with a huge American staff, Xigua and Toutiao are delivered internationally in Chinese and seem entirely geared toward Chinese people and the Chinese diaspora. That may make these apps less of a target to U.S. regulators and politicians, but it doesn't make their U.S. users' data any more secure.

GoGoKid, on the other hand, is very clearly marketed to teachers in the U.S. and Canada. While some teachers expressed anxiety about President Trump's executive orders this fall, fearing it might interfere with income they made from GoGoKid, the teacher app is still available in the U.S.

The Federal Trade Commission recently ordered ByteDance and U.S. social media companies to hand over information about how they collect data from users. In response to a question about whether the FTC will be looking at ByteDance's other properties beyond TikTok, spokesperson Juliana Gruenwald said, "The orders focus on any and all social media and video streaming services" that these companies own, adding that the investigation will look into not just how data is collected, but also how and where it is stored.

Fintech

Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
FTA
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.
Enterprise

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.

Enterprise

Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories
Bulletins