yesIssie LapowskyNone
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

Power

These ByteDance apps stored US user data in China – at least until they started to disappear

TikTok may keep U.S. user data out of China, but other ByteDance apps downloaded hundreds of thousands of times in the U.S. play by a different set of rules.

These ByteDance apps stored US user data in China – at least until they started to disappear

ByteDance has several apps with U.S. users that have been storing data in China, according to their privacy policies.

Getty Images

Over the last year, TikTok's leaders have repeatedly sworn both in court and in the court of public opinion that they don't share any U.S. user data with China, where their parent company, ByteDance, is based.

But the same can't be said for several other ByteDance apps, which also have a sizable audience in the United States and abroad.

While none is as popular in the U.S. as TikTok, a Protocol investigation found that some of ByteDance's most popular apps in China, including Xigua and Toutiao, appear to have been downloaded hundreds of thousands of times in the United States. And as their privacy policies clearly state — albeit in Chinese — all of the data collected from those apps is stored in China.

According to SensorTower estimates, Xigua, a YouTube-like video streaming app, has been downloaded some 296,000 times across the Apple App Store and the Google Play Store in the U.S., while Toutiao, a news aggregation app, has been installed at least 808,000 times from the two U.S. app stores.

SensorTower's data indicates those downloads ended abruptly the week of Oct. 5, suggesting both apps were removed from U.S. app stores around that time, just as the Trump administration was pressuring ByteDance to cut ties with TikTok and sell it to a U.S. company. On Oct. 11, SensorTower's data suggests the apps were also pulled from most app stores in Europe. Now, neither app is available on app stores in the U.S. or most of the E.U. Removing an app from stores, however, does not remove it from users' phones.

Another app, GoGoKid, disappeared from the U.S. Apple App Store Thursday after Protocol asked ByteDance about the app's privacy policy, which had stated data was stored in China.

ByteDance would not confirm the download numbers or provide any of its own. In a statement, a ByteDance spokesperson said: "Toutiao and Xigua are designed for the Chinese market and are only available in Chinese. Accordingly we made a business decision to discontinue offering them in markets like the US, rather than devoting additional resources to them."

The spokesperson did not answer direct questions from Protocol about whether those apps had been storing U.S. users' data in China, as their privacy policies indicate. The spokesperson also didn't answer a question about whether U.S. users who previously downloaded these apps would be able to receive security updates and patches now that they're no longer on the app stores.

The other ByteDance app, GoGoKid, matches teachers in the U.S. and Canada with Chinese students who want to learn English. The privacy policy for GoGoKid's U.S. teacher portal says only that data may be moved outside of the country. But for Canadian teachers, the policy stipulates that data may be transferred and processed "in jurisdictions where our affiliates or service providers are located, including Singapore, China and the United States."

The privacy policy for the U.S. iPad app for students, meanwhile, was different. As of Wednesday, it stated in Chinese, "We store your personal information collected within the territory of the People's Republic of China in accordance with the provisions of laws and regulations." It is no longer available in the U.S. App Store.

In response to questions about where GoGoKid's U.S. user data is stored, another ByteDance spokesperson said, "GoGoKid is focused on giving students in the Chinese market the opportunity to learn English, and it is only available for students in Chinese." That doesn't account for the many American and Canadian teachers on the platform who are also GoGoKid users. GoGoKid's own website features testimonials from several non-Chinese teachers.

The spokesperson downplayed the app's traction in the U.S., saying GoGoKid "has only been downloaded around 1,000 times in the U.S. market," but didn't specify whether that number referred to the student app, the teacher portal or both. Data on U.S. downloads of the app among teachers is hard to come by, and SensorTower doesn't track it, but one GoGoKid Teachers Facebook group alone has more than 5,000 members.

At no point did ByteDance deny that these apps stored U.S. user data in China.

These data storage arrangements for Xigua, Toutiao and GoGoKid raise questions about why ByteDance hasn't walled off U.S. user data for those apps in the same way it's done for TikTok. Neither the White House nor the Department of Commerce, which have both issued orders related to TikTok this year, responded to Protocol's request for comment.

In sworn testimony as part of TikTok's legal battles against the Trump administration this year, the company's chief security officer, Roland Cloutier, described at length the difference between TikTok's tech stack and that of its Chinese counterpart, Douyin. Cloutier wrote that the "source code and user data for TikTok are maintained separately from the source code and user data for Douyin (and other ByteDance products)." Cloutier went on to state that TikTok "would not comply with a request for U.S. user data from the Chinese government."

That argument, it seems, has been compelling in court, where TikTok has been winning case after case against the Trump administration's attempts to ban the app under the guise of a national security emergency. But while TikTok was carefully spinning off its own servers for U.S. users, ByteDance appears to have taken no such precautions with its other apps.

ByteDance's acquisition of the app that predated TikTok, called Musical.ly, was the subject of an investigation by the Committee on Foreign Investment in the United States, which vets foreign acquisitions of U.S. companies. But both Toutiao and Xigua are homegrown Chinese apps that just happen to have U.S. users, which would place them outside of the purview of CFIUS, said Shannon Reaves, special counsel at the law firm Stroock, who specializes in CFIUS reviews.

"The establishment of that entity and its operation is not subject to CFIUS review," Reaves said, adding, "[CFIUS] could certainly look at that to inform their views about the TikTok acquisition and what they think might happen with the data from TikTok."

The Trump administration was under no such constraints, however, and tried (unsuccessfully) to to ban all transactions with ByteDance through executive order. The order paid particular attention to TikTok, and a subsequent directive from the Commerce Department specifically prohibited TikTok (again, unsuccessfully) from operating in the U.S. after a certain date. But neither order made any mention of these apps.

There are differences of course, between TikTok and Xigua or Toutiao. For one thing, TikTok has tremendous scale in the U.S.; recent court filings revealed that the company has 100 million monthly active U.S. users. SensorTower's data suggests Toutiao and Xigua combined have only around 1 million users in the U.S. And while TikTok is clearly marketed directly to Americans, complete with a huge American staff, Xigua and Toutiao are delivered internationally in Chinese and seem entirely geared toward Chinese people and the Chinese diaspora. That may make these apps less of a target to U.S. regulators and politicians, but it doesn't make their U.S. users' data any more secure.

GoGoKid, on the other hand, is very clearly marketed to teachers in the U.S. and Canada. While some teachers expressed anxiety about President Trump's executive orders this fall, fearing it might interfere with income they made from GoGoKid, the teacher app is still available in the U.S.

The Federal Trade Commission recently ordered ByteDance and U.S. social media companies to hand over information about how they collect data from users. In response to a question about whether the FTC will be looking at ByteDance's other properties beyond TikTok, spokesperson Juliana Gruenwald said, "The orders focus on any and all social media and video streaming services" that these companies own, adding that the investigation will look into not just how data is collected, but also how and where it is stored.

Big Tech benefits from Biden’s sweeping immigration actions

Tim Cook and Sundar Pichai praised President Biden's immigration actions, which read like a tech industry wishlist.

Newly-inaugurated President Joe Biden signed two immigration-related executive orders on Wednesday.

Photo: Chip Somodevilla/Getty Images

Immediately after being sworn in as president Wednesday, Joe Biden signed two pro-immigration executive orders and delivered an immigration bill to Congress that reads like a tech industry wishlist. The move drew enthusiastic praise from tech leaders, including Apple CEO Tim Cook and Alphabet CEO Sundar Pichai.

President Biden nullified several of former-President Trump's most hawkish immigration policies. His executive orders reversed the so-called "Muslim ban" and instructed the attorney general and the secretary of Homeland Security to preserve the Deferred Action for Childhood Arrivals, or DACA, program, which the Trump administration had sought to end. He also sent an expansive immigration reform bill to Congress that would provide a pathway to citizenship for undocumented individuals and make it easier for foreign U.S. graduates with STEM degrees to stay in the United States, among other provisions.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

Politics

'Woke tech' and 'the new slave power': Conservatives gather for Vegas summit

An agenda for the event, hosted by the Claremont Institute, listed speakers including U.S. CTO Michael Kratsios and Texas Attorney General Ken Paxton.

The so-called "Digital Statecraft Summit" was organized by the Claremont Institute. The speakers include U.S. CTO Michael Kratsios and Texas Attorney General Ken Paxton, as well as a who's-who of far-right provocateurs.

Photo: David Vives/Unsplash

Conservative investors, political operatives, right-wing writers and Trump administration officials are quietly meeting in Las Vegas this weekend to discuss topics including China, "woke tech" and "the new slave power," according to four people who were invited to attend or speak at the event as well as a copy of the agenda obtained by Protocol.

The so-called "Digital Statecraft Summit" was organized by the Claremont Institute, a conservative think tank that says its mission is to "restore the principles of the American Founding to their rightful, preeminent authority in our national life." A list of speakers for the event includes a combination of past and current government officials as well as a who's who of far-right provocateurs. One speaker, conservative legal scholar John Eastman, rallied the president's supporters at a White House event before the Capitol Hill riot earlier this month. Some others have been associated with racist ideologies.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

Power

The NYSE China flip-flop: A battle between profit and accountability

Western investors want transparency. But what if guaranteeing that closes a door on the U.S. profiting from China's tech success?

The New York Stock Exchange can't decide whether to delist certain Chinese tech apps.

Photo: Julien Chatelain

The New York Stock Exchange's flip-flopping statements this week over the delisting of Chinese tech stocks highlight a longstanding dispute over how much access Chinese corporations should have to U.S. capital markets. It's a debate that some experts say pits profit against accountability, and one that will likely continue under the Biden administration.

The confusion began last week, when the NYSE announced that it would delist the stocks of three Chinese telecom companies — China Telecom, China Mobile and China Unicom — to comply with the Trump administration's order in November barring U.S. companies and individuals from investing in Chinese firms that work with the Chinese military.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

People

The breakthrough list: 17 people who had a big 2020

They cut through the noise and found themselves in the spotlight this year.

Clockwise from left: Rashad Robinson, Chamath Palihapitiya, Gwynne Shotwell, Vanessa Pappas and Brian Armstrong all found themselves in the spotlight this year.

Photo: Getty Images and Protocol

It was a big year for Big Tech, with the CEOs of Apple, Google, Amazon, Facebook and Twitter all appearing before Congress and billionaires like Elon Musk becoming even richer. But they're not the only people with power in the tech industry.

This year, Protocol wanted to highlight the people in tech who broke through the noise and became a name you should know. Some, like Snowflake's CEO Frank Slootman, celebrated giant business successes, while others, like TikTok's Vanessa Pappas, found themselves in a global political match over an app. Coinbase's Brian Armstrong managed to play both the hero and the villain in a year, alienating some employees with a reportedly hostile workplace while being championed by many in Silicon Valley for taking a no-politics stance during a highly political year.

Keep Reading Show less
Biz Carson

Biz Carson ( @bizcarson) is a San Francisco-based reporter at Protocol, covering Silicon Valley with a focus on startups and venture capital. Previously, she reported for Forbes and was co-editor of Forbes Next Billion-Dollar Startups list. Before that, she worked for Business Insider, Gigaom, and Wired and started her career as a newspaper designer for Gannett.

Power

Biden’s victory was just what tech wanted. Now what?

The next four years won't be easy for tech. But they'll be easier than they could've been.

Following a days-long count, Joe Biden was elected the 46th president of the United States.

Photo: Tasos Katopodis/Getty Images

Joe Biden's election as the 46th president of the United States gives the tech industry a reason to breathe a brief sigh of relief, following a days-long count of ballots during which Facebook and Twitter raced to contain a swell of misinformation, much of it coming from President Donald Trump himself.

Since he clinched the Democratic nomination, Biden has been the overwhelming favorite in the presidential race among those in the tech sector. The industry has butted heads with the Trump administration at almost every turn of his presidency: over immigration, trade, net neutrality and, more recently, content moderation on social media. This last week offered a prime example of that fraught relationship as the president repeatedly flouted tech platforms' election policies in an attempt to undermine the results.

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
Latest Stories