The Chinese Communist Party (CCP): A Quest for Data Control

The CIS CTI team assesses that apps owned by the People's Republic of China (PRC) pose a threat to users because of the PRC's ability to leverage these apps for data collection and malign influence operations. Data control is central to the Chinese Communist Party's (CCP's) quest for digital and technological dominance on the world stage. This pursuit is supported by PRC laws granting the CCP the authority to collect data from Chinese companies. Given the popularity of these apps globally, and especially among American users, the CCP likely views the data stored within apps like TikTok, Shein, and Temu as an important resource for their data control goals.

China's Data Collection (Data Control) Practices

In 2015, the PRC launched the "Made in China 2025" plan, wherein President Xi Jinping "identified the control of data as a key to the nation's ambitions."^[1] The CCP has implemented numerous economic development initiatives to fulfill these objectives, including the Digital Silk Road (DSR) plan. The DSR launched in 2015 as part of a larger infrastructure development plan called the Belt and Road Initiative (BRI).^[3] The DSR's purpose is to increase China's exportation of surveillance technologies and digital infrastructure to developing countries.

DSR projects provide a way for the Chinese government to co-opt foreign digital infrastructure and increase global reliance on Chinese-owned companies like Huawei and Tencent. This allows the CCP to access new information flows, intelligence gathering opportunities, and host countries' intellectual property (IP) by either ingesting data stored in Chinese-owned data centers or compelling Chinese companies to install backdoors in their products. In 2012, for example, the U.S. House Intelligence Committee "warned that [Huawei] had stolen intellectual property through backdoors that allowed unauthorized access to sensitive data."^[4] Concerns that Huawei installs backdoors in its products persisted after this warning, resulting in "the U.S. Department of Commerce [adding] Huawei to its 'Entity List'" in 2019 to restrict its ability to conduct business with U.S. companies.^[5]

Data is also integral to the CCP's propaganda efforts, both domestically to control the flow of information and abroad "to shape the global information ecosystem."^[6] According to the Australian Strategic Policy Institute (ASPI), the CCP's propaganda arm has shifted towards a "party-controlled data" model that views data "as essential for maintaining political control [and] for shaping public opinion and influencing societal direction."^[7] Internationally focused efforts include establishing Chinese technologies as the foundation for data exchange and ensuring that Chinese commercial platforms dominate global markets. The CCP harvests data from these platforms and internationally located subsidiaries to gain "unprecedented insight into societal trends and preferences" and inform propaganda operations.^[8]

These economic initiatives and propaganda efforts are supported through data collection practices authorized under a set of laws concerning national intelligence. Effectively, these laws authorize the CCP to harvest data from China-based commercial entities like TikTok, Temu, and Shein.

Some examples of these laws include:

• National Intelligence Law of 2017 requires "any organization or citizen [to] support, assist and cooperate with state intelligence work" and to maintain the confidentiality of intelligence operations.^[9] The law also allows the CCP to compel firms to install backdoors in equipment or software, and it creates a system of incentives/penalties for compliance.^[10]
• 2017 Cybersecurity Law requires critical infrastructure companies to store data within the PRC and to make this data accessible to intelligence services as needed.
• 2021 Data Security Law further expands the CCP's "access to, and control of, companies and data within China," including the "ability to control the out-bound flow of data."^[11]
• 2023 Revision to the Counter-Espionage Law requires all citizens and organizations to assist the government with counterespionage operations. Since the law expands the concept of espionage in an ambiguous manner, the law may govern anything that the CCP deems relevant to national security.^[12]

The CCP's Malign Influence Strategy

According to the 2024 Annual Threat Assessment of the U.S. Intelligence Community, the CCP's malign influence operations "[aim] to sow doubts about U.S. leadership, undermine democracy, and extend Beijing's influence."^[13] This includes attempts to push pro-China and anti-U.S. narratives, shape discourse on issues sensitive to CCP interests, and exploit existing societal divisions in the United States.^[14] The CCP uses social media as a key tool to further these lines of effort and to manipulate the overall information environment. One CCP social media tactic includes leveraging Chinese state-sponsored media outlets to train multilingual lifestyle influencers on how to reach international audiences and embed favorable CCP narratives into their content. According to Microsoft, these influencers "[reach] a combined following of at least 103 million across multiple platforms speaking at least 40 languages."^[15] The CCP also launches coordinated inauthentic behavior campaigns to amplify and suppress certain content. In flooding operations, the CCP uses these accounts to "drown out information around sensitive topics or events" with unrelated content and spam posting.^[16]

Conversation about the risk of threat actors leveraging Chinese-owned apps in malign influence campaigns has mostly centered around TikTok. This is likely due to TikTok having a larger active user base than other popular Chinese-owned platforms and the app's short-form video format, which allows users to rapidly share content. Comparatively, "an ecommerce platform like Temu or Shein is likely a less viable platform to spread propaganda."^[17] However, the CCP's quest to manipulate the information environment also relies on data collection. Access to data from globally successful Chinese companies grants the CCP "an opportunity to collect foreign intelligence that can in turn inform its efforts to communicate with foreign audiences."^[18] Both Temu and Shein represent attractive opportunities for this type of data harvesting, since both "collect user information, can analyze trends in their interests, and use algorithms to target consumers with products or information."^[19] Under the aforementioned national intelligence, cybersecurity, and data protection laws, the CCP is legally authorized to compel Temu and Shein to provide this data, which can then in turn be used to further other malign influence efforts.

Popular Chinese Apps

Though numerous Chinese-owned apps place highly in U.S. rankings, the top three are Temu, TikTok, and Shein. As of June 21, 2024, these apps respectively ranked first, second, and eighth on Apple's "Top Free Apps for iPhone" chart.^[20] This popularity marks these apps as likely targets for data collection and, in TikTok's case, as facilitators for malign influence efforts. In addition, all three apps have faced scrutiny for their data protection practices and have corporate structures that render them beholden to PRC legislation.

TikTok

TikTok is a popular short-form video sharing platform that first launched in September 2017 and currently has over a billion users globally, including over 170 million Americans.^{[21], [22]} Though widely popular, the app is controversial due to data privacy concerns, potential algorithm manipulation, and its link to Beijing-based ByteDance.

ByteDance is a Chinese company that controls both TikTok and Douyin, the Chinese equivalent of the platform. More specifically, ByteDance controls the Shanghai-based TikTok Ltd, which is registered in the Cayman Islands and controls the TikTok LLC (Limited Liability Company) that owns the TikTok app. This ultimately makes TikTok a ByteDance subsidiary.^[23]

TikTok CEO Shou Chew stated in a March 2023 testimony to the U.S. House Committee on Energy and Commerce that "ByteDance is not an agent of China or any other country."^[24] However, as a Chinese company, ByteDance is legally obligated to comply with CCP legislation governing intelligence and data collection.^[25] This relationship has heightened concerns that the CCP could force ByteDance to provide the government with TikTok data.^[26]

Such information-sharing concerns were brought to light in a May 2023 wrongful termination suit filed by an ex-employee that worked at ByteDance from August 2017 to November 2018. The former head of engineering claims that a special unit of the CCP possesses access to ByteDance data and that the company "engaged in a 'culture of lawlessness' and was a 'propaganda' arm of China."^[27] In a June 2023 court filing, the former employee further alleged that the CCP can access TikTok user data collected by ByteDance "through a 'god credential' that it used to monitor and track Hong Kong activists and protesters in 2018."^[28] ByteDance denied the claims and stated that the suit was an attempt to gain media attention.^[29] As of the publication of this blog post, the suit is still ongoing.

The relationship between TikTok and ByteDance — and ultimately the CCP — suggests it is possible for the PRC government to manipulate the algorithm for censorship purposes and in malign influence campaigns. The Network Contagion Research Institute and Rutgers University Miller Center released a report in December 2023 comparing the volume of posts using hashtags related to the Chinese Government's interests on both TikTok and Instagram. The study first tested the ratios for hashtags related to pop-culture and U.S. politics. The researchers found that the ratios for hashtags related to pop culture were in bounds with the user sizes of each platform, and though the ratios for posts related to U.S. political topics had some variation, the "distribution and interaction across these platforms [tended] to reflect their user ratios."^[30] However, there was an underrepresentation of posts on TikTok related to topics contrary to the CCP's interests. This included posts related to Tibet, Tiananmen Square, Taiwan, Hong Kong, the South China Sea, the Uyghur population, pro-Ukraine, and pro-Israel sentiment. Pro-Kashmiri independence posts were the only posts that were overrepresented, though this is in line with the PRC's interests in the region.^[31] The PRC is currently in an ongoing territorial dispute with India over the Line of Actual Control, which refers to the contested border between India-controlled Ladakh and the PRC-administered Aksai Chin territories of Kashmir.^[32] Ultimately, the researchers determined that there is "a strong possibility that TikTok systematically promotes or demotes content on the basis of whether it is aligned with or opposed to the interests of the Chinese government."^[33]

These findings followed previous reporting that TikTok pushed ads on the platform sponsored by Chinese state-backed media companies. Forbes analyzed the content of an ad library that TikTok posted in July 2023 and found that as of July 26, 2023, "more than 1,000 ads from Chinese state media outlets like People's Daily and CGTN have run on the platform since October 2022."^[34] The ads included pro-China sentiment related to the nation's economy and technology, anti-west narratives, and references to the Xinjiang province.^[35]

The potential for the CCP to both harvest TikTok's data and use it in malign influence campaigns has prompted attempts to regulate the app in the United States since 2020. The extent of regulation has thus far been mostly limited to banning federal and some state government employees from using the app on government-owned devices. However, on April 24, 2024, President Biden signed the Protecting Americans from Foreign Adversary Controlled Applications Act into law. The law will result in a U.S. TikTok ban unless ByteDance divests within 270 days to meet a deadline on January 19, 2025, though there is the possibility of a 90-day extension if TikTok has made progress towards divestment.^{[36], [37]} TikTok claims the ban is an infringement of the first and fifth amendments and filed a lawsuit in the U.S. Court of Appeals for the D.C. Circuit in protest. As of publication of this blog post, there has been no ruling, and oral arguments for the case are set to begin in September 2024.^{[38], [39]}

Temu

Temu is an e-commerce app released in 2022 that in 2023 became the most downloaded free app for iPhone in the United States.^[40] Temu is operated by Whaleco Technology Limited, a subsidiary of PDD Holdings. PDD Holdings is a corporate partner of People's Data Management Co. Ltd, which "is a wholly owned subsidiary of Beijing People's Online Network Co. Ltd…[and] the business front of the People's Daily Public Opinion Data Centre."^[41] The People's Data platform is used to facilitate big data sharing between government and corporate partners. The type of data that PDD Holdings shares on the People's Data platform as part of this partnership is not publicly available. However, this relationship suggests that it is possible the shared data includes information harvested from Temu. Temu's own privacy policy outlines this possibility, as it acknowledges that "personal information may be shared with its 'corporate parent, subsidiaries, and affiliates' as well as with 'law enforcement, government authorities, and private parties'" as needed for compliance.^[42]

PDD Holdings also runs Temu's sister app, Pinduodo, which was exposed in April 2023 for installing malware on its app targeting Android operating systems. This allowed the app to "bypass users' cell phone security to monitor activities on other apps, check notifications, read private messages, and change settings."^[43] Temu was not implicated in the incident. However, the company is currently subject to a November 2023 class action lawsuit claiming that experts found tools within the app that can be used "to execute virulent and dangerous malware and spyware activities on user devices."^[44] The lawsuit alleges that Temu employs "'deceptive' and 'unscrupulous' practices" to collect user data and that it requests permissions that an ecommerce app has no reason to access, including Wi-Fi, biometrics, and Bluetooth .^[45] A second lawsuit filed in September 2023 alleges that Temu cut corners in its cybersecurity practices, resulting in customers having their financial data leaked after using the app.^{[46], [47]}

Shein

Shein is an ecommerce company founded in China in 2008 that reached peak popularity after going viral on TikTok during the Covid-19 pandemic. Between March 2020 and March 2022, Shein's share of the U.S. fast fashion market rose from 18 percent to 40 percent, and "by November 2022, Shein accounted for 50 percent of all fast fashion sales in the U.S."^[48] Fast fashion refers to the mass production of cheap clothing over a short period, oftentimes to mimic designer brands and/or capitalize on trends.^[49]

Like Temu, Shein has also faced scrutiny over its data protection practices. Shein's parent company, Zoetop, fell victim to a cyber attack in 2018 that exposed the data of 39 million consumers. The State of New York fined Zoetop $1.9 million in 2022 after an investigation into the attack revealed the company had mishandled consumers' personal data.^[50]

Although founded in China, Shein is attempting to "cut ties" through actions like moving its headquarters to Singapore, setting up operations in other countries, de-registering in Nanjing, and hiring lobbyists in Washington.^[51] These attempts have continued as Shein seeks approval for a U.S. public offering (IPO) filed in November 2023. U.S. lawmakers have pushed back against the IPO, citing concerns regarding Shein's data protection practices, the use of forced labor, and the company's connection to the PRC.^{[52], [53]}

However, Reuters revealed in January 2024 that Shein registered with the China Securities Regulatory Commission (CSRC), meaning that the company must follow PRC listing rules and needs approval to list oversees. This also means that Shein's request for an offshore IPO is subject to review from other PRC regulatory agencies, like the National Development and Reform Commission and the Cyberspace Administration of China (CAC). These listing rules apply to any company that generates "50% or more of its operating revenue, profit, total assets or net sales… in mainland China."^[54] The company must also either conduct "the main parts of its business activities" in China or have its upper management composed of a majority Chinese citizens or individuals otherwise based in China.^[55] Shein is subject to these rules despite being headquartered abroad since a majority of the retailer's roughly 5,400 third- party manufacturers are located in China.^{[56], [57]} The Wall Street Journal also reported in January that the CAC allegedly launched an investigation into Shein's supply chain. The review counteracts Shein's efforts to appear as a "global company" and "squarely positions Shein as a Chinese company - at least in the eyes of China."^[58] Shein denies that that the investigation is occurring, though the CAC review and registration with the CSRC places it under the Chinese government's regulatory thumb.^[59]

Other Popular Apps

Discussion about the PRC's ability to force Chinese-owned companies to provide it with access to American users' data generally focus on TikTok, Temu, and Shein. However, this risk extends to other Chinese-owned apps, as well.

Reuters revealed in June 2024 that a popular news app with over 50 million users called NewsBreak has both published inaccurate AI-generated articles and has links to Chinese state and state-backed entities.^[60] As of June 12, 2024, Newsbreak is ranked third in Apple's Top Free Apps for iPhone News Category.^[61] The app was formerly a subsidiary of Yidian, a Chinese news aggregation company that is partially owned by a "Chinese-state linked media firm" called Phoenix New Media.^[62] Though "Yidian…divested from newsbreak in 2019," CCP officials praised the company in 2017 "for its efficiency in disseminating government propaganda."^[63] The Pentagon also added one of Newsbreak's current investors, IDG capital, to a list of companies linked to the Chinese military. Newsbreak denies that it is beholden to PRC data laws, though its relationships to these China-based entities suggest otherwise.^[64]

ByteDance, which is sometimes "nicknamed the 'app factory,'" owns multiple apps that perform a range of functionalities, including for ecommerce, business productivity, education, social media, and publishing.^{[65], [66]} Aside from TikTok, two of ByteDance's most popular apps in the United States include CapCut, a video editing app, and Lemon8, a social media app similar to Pinterest and Instagram.^[67]  As of June 21, 2024, they respectively ranked 10^th and 51^st on Apple's "Top Free Apps for iPhone" chart.^[68] Despite ByteDance owning TikTok, Lemon8, and CapCut, TikTok's security has overwhelmingly received the most scrutiny. This is because Lemon8 and CapCut have smaller active user bases, which likely contributes to the perception that they are lower risk. CapCut has also likely received less scrutiny than TikTok, for while the app provides video-editing functionalities, it does not perform video distribution. This makes it a less viable option for propagating malign influence campaigns.^[69] However, an ongoing class action lawsuit filed in July 2023 "alleges that CapCut profits from illegal use and dissemination of highly sensitive user data ….[and] that the company makes sensitive user data available to the Chinese government."^[70] The lawsuit claims that the data CapCut collects "can be used to track users by age, gender, location, operating system, and interest in order to attract marketing and sales."^[71] In addition, the lawsuit claims that CapCut's privacy policies violate several state and federal laws.^[72]

Recommendations

Overall, the PRC likely views the expansion of Chinese-owned apps in the United States as an opportunity to develop new malign influence effort launch points and to harvest data across a range of industry verticals. As such, it is important to consider the background context of the CCP's data control objectives and the PRC legislation that facilitate these efforts not only in relation to TikTok, Temu, and Shein but also for all Chinese-owned apps.

Before installing TikTok, Temu, Shein, or another Chinese-owned app, individuals and organizations should review the privacy policies to understand the types of data each app collects and conduct a risk assessment. This includes evaluating the risk of this data being exposed in cyber incidents, especially given TikTok, Temu, and Shein's poor data protection track records. In addition, it is important to consider the risks associated with third parties, such as the CCP, accessing this data for intelligence purposes. Following this assessment, organizations should implement an Acceptable Use Policy outlining which apps are authorized for business devices.

Need a policy template to get started? Download Our Policy Template Today!

^[1] https://www.newsweek.com/2022/09/16/beijings-plan-control-worlds-data-out-google-google-1740426.html
^[2] https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf
^[3] https://www.chathamhouse.org/2021/09/what-chinas-belt-and-road-initiative-bri
^[4] https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf
^[5] https://go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf
^[6] https://www.aspi.org.au/report/truth-and-reality-chinese-characteristics
^[7] https://www.aspi.org.au/report/truth-and-reality-chinese-characteristics
^[8] https://www.aspi.org.au/report/truth-and-reality-chinese-characteristics
^[9] https://www.dhs.gov/sites/default/files/publications/20_1222_data-security-business-advisory.pdf
^[10] https://www.dhs.gov/sites/default/files/publications/20_1222_data-security-business-advisory.pdf
^[11] https://www.dni.gov/files/NCSC/documents/SafeguardingOurFuture/FINAL_NCSC_SOF_Bulletin_PRC_Laws.pdf
^[12] https://www.loc.gov/item/global-legal-monitor/2023-09-21/china-counterespionage-law-revised/
^[13] https://www.dni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf
^[14] https://www.dni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf 
^[15] https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/digital-threats-from-east-asia-increase-in-breadth-and-effectiveness 
^[16] https://www.state.gov/wp-content/uploads/2023/09/HOW-THE-PEOPLES-REPUBLIC-OF-CHINA-SEEKS-TO-RESHAPE-THE-GLOBAL-INFORMATION-ENVIRONMENT_Final.pdf 
^[17] https://www.cnbc.com/2023/05/29/chinese-apps-remain-popular-in-the-us-despite-efforts-to-ban-tiktok.html
^[18] https://www.state.gov/wp-content/uploads/2023/09/HOW-THE-PEOPLES-REPUBLIC-OF-CHINA-SEEKS-TO-RESHAPE-THE-GLOBAL-INFORMATION-ENVIRONMENT_Final.pdf 
^[19] https://www.cnbc.com/2023/05/29/chinese-apps-remain-popular-in-the-us-despite-efforts-to-ban-tiktok.html
^[20] https://apps.apple.com/us/charts/iphone/top-free-apps/36 
^[21] https://www.techtarget.com/whatis/definition/TikTok
^[22] https://www.cnbc.com/2024/04/24/biden-signs-israel-ukraine-tiktok-bill-into-law.html
^[23] https://www.cnn.com/2024/03/18/tech/tiktok-bytedance-china-ownership-intl-hnk/index.html
^[24] https://docs.house.gov/meetings/IF/IF00/20230323/115519/HHRG-118-IF00-Wstate-ChewS-20230323.pdf
^[25] https://www.cnn.com/2024/03/18/tech/tiktok-bytedance-china-ownership-intl-hnk/index.html
^[26] https://apnews.com/article/tiktok-bytedance-shou-zi-chew-8d8a6a9694357040d484670b7f4833be
^[27] https://www.cnn.com/2023/05/13/business/bytedance-employee-lawsuit/index.html
^[28] https://www.aljazeera.com/economy/2023/6/7/china-spied-on-hong-kong-activists-using-tiktok-lawsuit-claims
^[29] https://www.cnn.com/2023/05/13/business/bytedance-employee-lawsuit/index.html
^[30] https://networkcontagion.us/wp-content/uploads/A-Tik-Tok-ing-Timebomb_12.21.23.pdf
^[31] https://networkcontagion.us/wp-content/uploads/A-Tik-Tok-ing-Timebomb_12.21.23.pdf
^[32] https://www.bbc.com/news/world-asia-53062484 
^[33] https://networkcontagion.us/wp-content/uploads/A-Tik-Tok-ing-Timebomb_12.21.23.pdf
^[34] https://www.forbes.com/sites/iainmartin/2023/07/26/tiktok-chinese-propaganda-ads-europe/?sh=11679a90203d
^[35] https://www.forbes.com/sites/iainmartin/2023/07/26/tiktok-chinese-propaganda-ads-europe/?sh=11679a90203d
^[36] https://www.nbcnews.com/tech/tech-news/tiktok-sues-us-government-says-ban-violates-first-amendment-rcna151059
^[37] https://www.cnn.com/2024/04/23/tech/congress-tiktok-ban-what-next/index.html#:~:text=Biden's%20decision%20to%20sign%20the,year%20before%20facing%20a%20ban.
^[38] https://www.nbcnews.com/tech/tech-news/tiktok-sues-us-government-says-ban-violates-first-amendment-rcna151059
^[39] https://www.reuters.com/legal/us-court-hear-challenges-potential-tiktok-ban-september-2024-05-28/
^[40] https://techcrunch.com/2023/12/12/temu-was-the-most-downloaded-iphone-app-in-the-u-s-in-2023/
^[41] https://www.aspi.org.au/report/truth-and-reality-chinese-characteristics
^[42] https://www.aspi.org.au/report/truth-and-reality-chinese-characteristics
^[43] https://www.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
^[44] https://www.cbsnews.com/chicago/news/temu-class-action-lawsuit-illinois-data-privacy-concerns/
^[45] https://www.cbsnews.com/chicago/news/temu-class-action-lawsuit-illinois-data-privacy-concerns/
^[46] https://www.cbsnews.com/chicago/news/temu-class-action-lawsuit-illinois-data-privacy-concerns/
^[47] https://www.nbcchicago.com/consumer/temu-faces-renewed-scrutiny-after-super-bowl-ads/3354306/
^[48] https://www.uscc.gov/sites/default/files/2023-04/Issue_Brief-Shein_Temu_and_Chinese_E-Commerce.pdf
^[49] https://www.britannica.com/art/fast-fashion
^[50] https://www.uscc.gov/sites/default/files/2023-04/Issue_Brief-Shein_Temu_and_Chinese_E-Commerce.pdf 
^[51] https://www.nytimes.com/2023/06/15/business/economy/china-business-tiktok-shein.html
^[52] https://www.cnbc.com/2024/01/17/china-launches-security-review-of-shein-ahead-of-ipo.html
^[53] https://www.cnbc.com/2024/05/13/nrf-rejects-shein-membership-as-retailer-pursues-us-ipo.html
^[54] https://www.reuters.com/business/retail-consumer/shein-files-with-chinese-regulator-planned-us-float-sources-2024-01-12/ 
^[55] https://www.reuters.com/business/retail-consumer/shein-files-with-chinese-regulator-planned-us-float-sources-2024-01-12/ 
^[56] https://www.reuters.com/business/retail-consumer/shein-files-with-chinese-regulator-planned-us-float-sources-2024-01-12/
^[57] https://www.reuters.com/business/chinas-new-rules-offshore-listings-spark-concern-about-lengthy-approval-process-2023-02-20/#:~:text=SYDNEY%2FHONG%20KONG%2C%20Feb%2020,approval%20process%2C%20investment%20bankers%20say
^[58] https://www.cnbc.com/2024/01/17/china-launches-security-review-of-shein-ahead-of-ipo.html
^[59] https://www.axios.com/2024/02/01/shein-denies-chinese-cybersecurity-review-ipo
^[60] https://www.reuters.com/technology/top-news-app-us-has-chinese-origins-writes-fiction-with-help-ai-2024-06-05/#:~:text=Billing%20itself%20as%20%22the%20go,over%2050%20million%20monthly%20users 
^[61] https://apps.apple.com/us/charts/iphone/news-apps/6009
^[62] https://www.reuters.com/technology/top-news-app-us-has-chinese-origins-writes-fiction-with-help-ai-2024-06-05/
^[63] https://www.reuters.com/technology/top-news-app-us-has-chinese-origins-writes-fiction-with-help-ai-2024-06-05/ 
^[64] https://www.reuters.com/technology/top-news-app-us-has-chinese-origins-writes-fiction-with-help-ai-2024-06-05/
^[65] https://www.axios.com/2024/04/07/tiktok-bytedance-gauth-education-ai-app
^[66] https://www.axios.com/2024/04/23/tiktok-ban-bytedance-apps-capcut-lemon8  
^[67] https://www.cnbc.com/2023/05/29/chinese-apps-remain-popular-in-the-us-despite-efforts-to-ban-tiktok.html 
^[68] https://apps.apple.com/us/charts/iphone/top-free-apps/36 
^[69] https://www.cnbc.com/2023/05/29/chinese-apps-remain-popular-in-the-us-despite-efforts-to-ban-tiktok.html
^[70] https://www.hbsslaw.com/cases/capcut-user-rights
^[71] https://www.hbsslaw.com/cases/capcut-user-rights
^[72] https://therecord.media/capcut-privacy-lawsuit-illinois-bipa-bytedance-china

Want additional insights from the CIS CTI team?

About the Author: The CIS Cyber Threat Intelligence (CTI) team at the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC^® and EI-ISAC^®) functions as the premier CTI source for all U.S. State, Local, Tribal, and Territorial (SLTT) entities and election offices. With decades of combined experience in all types of industries, the CTI team pushes out curated SLTT-centric threat intelligence reporting as well as malicious indicators via near real-time threat feeds. This information helps SLTTs anticipate and proactively defend against emerging cyber threats and shifts in adversarial tactics, techniques, and procedures. Additional information: team tradecraft and indicator feeds.

Supported via cooperative agreement No. 23CISMSI00003-01-01 - 09/29/2025 awarded through the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (U.S. DHS). The analysis, findings, and conclusions or recommendations expressed in this document are those of the MS-ISAC and EI-ISAC.