Source Code: Your daily look at what matters in tech.

source-codesource codeauthorIssie LapowskyNoneWant your finger on the pulse of everything that's happening in tech? Sign up to get David Pierce's daily newsletter.64fd3cbe9f
×

Get access to Protocol

Your information will be used in accordance with our Privacy Policy

I’m already a subscriber
Power

These ByteDance apps stored US user data in China – at least until they started to disappear

TikTok may keep U.S. user data out of China, but other ByteDance apps downloaded hundreds of thousands of times in the U.S. play by a different set of rules.

These ByteDance apps stored US user data in China – at least until they started to disappear

ByteDance has several apps with U.S. users that have been storing data in China, according to their privacy policies.

Getty Images

Over the last year, TikTok's leaders have repeatedly sworn both in court and in the court of public opinion that they don't share any U.S. user data with China, where their parent company, ByteDance, is based.

But the same can't be said for several other ByteDance apps, which also have a sizable audience in the United States and abroad.

While none is as popular in the U.S. as TikTok, a Protocol investigation found that some of ByteDance's most popular apps in China, including Xigua and Toutiao, appear to have been downloaded hundreds of thousands of times in the United States. And as their privacy policies clearly state — albeit in Chinese — all of the data collected from those apps is stored in China.

According to SensorTower estimates, Xigua, a YouTube-like video streaming app, has been downloaded some 296,000 times across the Apple App Store and the Google Play Store in the U.S., while Toutiao, a news aggregation app, has been installed at least 808,000 times from the two U.S. app stores.

SensorTower's data indicates those downloads ended abruptly the week of Oct. 5, suggesting both apps were removed from U.S. app stores around that time, just as the Trump administration was pressuring ByteDance to cut ties with TikTok and sell it to a U.S. company. On Oct. 11, SensorTower's data suggests the apps were also pulled from most app stores in Europe. Now, neither app is available on app stores in the U.S. or most of the E.U. Removing an app from stores, however, does not remove it from users' phones.

Another app, GoGoKid, disappeared from the U.S. Apple App Store Thursday after Protocol asked ByteDance about the app's privacy policy, which had stated data was stored in China.

ByteDance would not confirm the download numbers or provide any of its own. In a statement, a ByteDance spokesperson said: "Toutiao and Xigua are designed for the Chinese market and are only available in Chinese. Accordingly we made a business decision to discontinue offering them in markets like the US, rather than devoting additional resources to them."

The spokesperson did not answer direct questions from Protocol about whether those apps had been storing U.S. users' data in China, as their privacy policies indicate. The spokesperson also didn't answer a question about whether U.S. users who previously downloaded these apps would be able to receive security updates and patches now that they're no longer on the app stores.

The other ByteDance app, GoGoKid, matches teachers in the U.S. and Canada with Chinese students who want to learn English. The privacy policy for GoGoKid's U.S. teacher portal says only that data may be moved outside of the country. But for Canadian teachers, the policy stipulates that data may be transferred and processed "in jurisdictions where our affiliates or service providers are located, including Singapore, China and the United States."

The privacy policy for the U.S. iPad app for students, meanwhile, was different. As of Wednesday, it stated in Chinese, "We store your personal information collected within the territory of the People's Republic of China in accordance with the provisions of laws and regulations." It is no longer available in the U.S. App Store.

In response to questions about where GoGoKid's U.S. user data is stored, another ByteDance spokesperson said, "GoGoKid is focused on giving students in the Chinese market the opportunity to learn English, and it is only available for students in Chinese." That doesn't account for the many American and Canadian teachers on the platform who are also GoGoKid users. GoGoKid's own website features testimonials from several non-Chinese teachers.

The spokesperson downplayed the app's traction in the U.S., saying GoGoKid "has only been downloaded around 1,000 times in the U.S. market," but didn't specify whether that number referred to the student app, the teacher portal or both. Data on U.S. downloads of the app among teachers is hard to come by, and SensorTower doesn't track it, but one GoGoKid Teachers Facebook group alone has more than 5,000 members.

At no point did ByteDance deny that these apps stored U.S. user data in China.

These data storage arrangements for Xigua, Toutiao and GoGoKid raise questions about why ByteDance hasn't walled off U.S. user data for those apps in the same way it's done for TikTok. Neither the White House nor the Department of Commerce, which have both issued orders related to TikTok this year, responded to Protocol's request for comment.

In sworn testimony as part of TikTok's legal battles against the Trump administration this year, the company's chief security officer, Roland Cloutier, described at length the difference between TikTok's tech stack and that of its Chinese counterpart, Douyin. Cloutier wrote that the "source code and user data for TikTok are maintained separately from the source code and user data for Douyin (and other ByteDance products)." Cloutier went on to state that TikTok "would not comply with a request for U.S. user data from the Chinese government."

That argument, it seems, has been compelling in court, where TikTok has been winning case after case against the Trump administration's attempts to ban the app under the guise of a national security emergency. But while TikTok was carefully spinning off its own servers for U.S. users, ByteDance appears to have taken no such precautions with its other apps.

ByteDance's acquisition of the app that predated TikTok, called Musical.ly, was the subject of an investigation by the Committee on Foreign Investment in the United States, which vets foreign acquisitions of U.S. companies. But both Toutiao and Xigua are homegrown Chinese apps that just happen to have U.S. users, which would place them outside of the purview of CFIUS, said Shannon Reaves, special counsel at the law firm Stroock, who specializes in CFIUS reviews.

"The establishment of that entity and its operation is not subject to CFIUS review," Reaves said, adding, "[CFIUS] could certainly look at that to inform their views about the TikTok acquisition and what they think might happen with the data from TikTok."

The Trump administration was under no such constraints, however, and tried (unsuccessfully) to to ban all transactions with ByteDance through executive order. The order paid particular attention to TikTok, and a subsequent directive from the Commerce Department specifically prohibited TikTok (again, unsuccessfully) from operating in the U.S. after a certain date. But neither order made any mention of these apps.

There are differences of course, between TikTok and Xigua or Toutiao. For one thing, TikTok has tremendous scale in the U.S.; recent court filings revealed that the company has 100 million monthly active U.S. users. SensorTower's data suggests Toutiao and Xigua combined have only around 1 million users in the U.S. And while TikTok is clearly marketed directly to Americans, complete with a huge American staff, Xigua and Toutiao are delivered internationally in Chinese and seem entirely geared toward Chinese people and the Chinese diaspora. That may make these apps less of a target to U.S. regulators and politicians, but it doesn't make their U.S. users' data any more secure.

GoGoKid, on the other hand, is very clearly marketed to teachers in the U.S. and Canada. While some teachers expressed anxiety about President Trump's executive orders this fall, fearing it might interfere with income they made from GoGoKid, the teacher app is still available in the U.S.

The Federal Trade Commission recently ordered ByteDance and U.S. social media companies to hand over information about how they collect data from users. In response to a question about whether the FTC will be looking at ByteDance's other properties beyond TikTok, spokesperson Juliana Gruenwald said, "The orders focus on any and all social media and video streaming services" that these companies own, adding that the investigation will look into not just how data is collected, but also how and where it is stored.

Protocol | Workplace

In Silicon Valley, it’s February 2020 all over again

"We'll reopen when it's right, but right now the world is changing too much."

Tech companies are handling the delta variant in differing ways.

Photo: alvarez/Getty Images

It's still 2021, right? Because frankly, it's starting to feel like March 2020 all over again.

Google, Apple, Uber and Lyft have now all told employees they won't have to come back to the office before October as COVID-19 case counts continue to tick back up. Facebook, Google and Uber are now requiring workers to get vaccinated before coming to the office, and Twitter — also requiring vaccines — went so far as to shut down its reopened offices on Wednesday, and put future office reopenings on hold.

Keep Reading Show less
Allison Levitsky
Allison Levitsky is a reporter at Protocol covering workplace issues in tech. She previously covered big tech companies and the tech workforce for the Silicon Valley Business Journal. Allison grew up in the Bay Area and graduated from UC Berkeley.

After a year and a half of living and working through a pandemic, it's no surprise that employees are sending out stress signals at record rates. According to a 2021 study by Indeed, 52% of employees today say they feel burnt out. Over half of employees report working longer hours, and a quarter say they're unable to unplug from work.

The continued swell of reported burnout is a concerning trend for employers everywhere. Not only does it harm mental health and well-being, but it can also impact absenteeism, employee retention and — between the drain on morale and high turnover — your company culture.

Crisis management is one thing, but how do you permanently lower the temperature so your teams can recover sustainably? Companies around the world are now taking larger steps to curb burnout, with industry leaders like LinkedIn, Hootsuite and Bumble shutting down their offices for a full week to allow all employees extra time off. The CEO of Okta, worried about burnout, asked all employees to email him their vacation plans in 2021.

Keep Reading Show less
Stella Garber
Stella Garber is Trello's Head of Marketing. Stella has led Marketing at Trello for the last seven years from early stage startup all the way through its acquisition by Atlassian in 2017 and beyond. Stella was an early champion of remote work, having led remote teams for the last decade plus.
Protocol | China

Livestreaming ecommerce next battleground for China’s nationalists

Vendors for Nike and even Chinese brands were harassed for not donating enough to Henan.

Nationalists were trolling in the comment sections of livestream sessions selling products by Li-Ning, Adidas and other brands.

Collage: Weibo, Bilibili

The No. 1 rule of sales: Don't praise your competitor's product. Rule No. 2: When you are put to a loyalty test by nationalist trolls, forget the first rule.

While China continues to respond to the catastrophic flooding that has killed 99 and displaced 1.4 million people in the central province of Henan, a large group of trolls was busy doing something else: harassing ordinary sportswear sellers on China's livestream ecommerce platforms. Why? Because they determined that the brands being sold had donated too little, or too late, to the people impacted by floods.

Keep Reading Show less
Zeyi Yang
Zeyi Yang is a reporter with Protocol | China. Previously, he worked as a reporting fellow for the digital magazine Rest of World, covering the intersection of technology and culture in China and neighboring countries. He has also contributed to the South China Morning Post, Nikkei Asia, Columbia Journalism Review, among other publications. In his spare time, Zeyi co-founded a Mandarin podcast that tells LGBTQ stories in China. He has been playing Pokemon for 14 years and has a weird favorite pick.
Power

The video game industry is bracing for its Netflix and Spotify moment

Subscription gaming promises to upend gaming. The jury's out on whether that's a good thing.

It's not clear what might fall through the cracks if most of the biggest game studios transition away from selling individual games and instead embrace a mix of free-to-play and subscription bundling.

Image: Christopher T. Fong/Protocol

Subscription services are coming for the game industry, and the shift could shake up the largest and most lucrative entertainment sector in the world. These services started as small, closed offerings typically available on only a handful of hardware platforms. Now, they're expanding to mobile phones and smart TVs, and promising to radically change the economics of how games are funded, developed and distributed.

Of the biggest companies in gaming today, Amazon, Apple, Electronic Arts, Google, Microsoft, Nintendo, Nvidia, Sony and Ubisoft all operate some form of game subscription. Far and away the most ambitious of them is Microsoft's Xbox Game Pass, featuring more than 100 games for $9.99 a month and including even brand-new titles the day they release. As of January, Game Pass had more than 18 million subscribers, and Microsoft's aggressive investment in a subscription future has become a catalyst for an industrywide reckoning on the likelihood and viability of such a model becoming standard.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.
Protocol | Policy

Lina Khan wants to hear from you

The new FTC chair is trying to get herself, and the sometimes timid tech-regulating agency she oversees, up to speed while she still can.

Lina Khan is trying to push the FTC to corral tech companies

Photo: Graeme Jennings/AFP via Getty Images

"When you're in D.C., it's very easy to lose connection with the very real issues that people are facing," said Lina Khan, the FTC's new chair.

Khan made her debut as chair before the press on Wednesday, showing up to a media event carrying an old maroon book from the agency's library and calling herself a "huge nerd" on FTC history. She launched into explaining how much she enjoys the open commission meetings she's pioneered since taking over in June. That's especially true of the marathon public comment sessions that have wrapped up each of the two meetings so far.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

Latest Stories