TikTok’s fate in the U.S. remains uncertain as debates over national security, data privacy, and foreign influence continue. The app, owned by Chinese-based ByteDance, was briefly removed from U.S. app stores on Jan. 19, 2025, before receiving a temporary reprieve. ByteDance has until April 5 to divest itself of TikTok.

The conversation isn’t happening in a vacuum. Recent cyberattacks on major U.S. companies, including at resort companies in Las Vegas, have highlighted the growing importance of protecting sensitive consumer data from potential threats. Lawmakers are evaluating whether TikTok poses a legitimate cybersecurity risk and if broader digital privacy protections are necessary for all social media platforms.

To better understand the issue, we asked UNLV cybersecurity professionals for insights:

• Hal Berghel, professor of computer science
• Greg Moody, professor of information systems and director of the MS in cybersecurity program
• Rathika Perera, a media applications developer and graduate of the MS in cybersecurity program
• Samer Youssouf, a UNLV graduate student specializing in cybersecurity

1. The TikTok Ban Is About More Than TikTok

While TikTok is the current target, experts agree that the real issue is much bigger—it’s about how social media platforms handle data privacy overall.

“TikTok, like most social media platforms, collects a wide range of user data, including demographics, device stats, geolocation, and even browser history,” explains Perera. What sets TikTok apart is that its parent company, ByteDance, is based in China, where national security laws could allow the government to request access to user data.

However, he notes, banning TikTok alone won’t fix broader data privacy issues that exist across all digital platforms. Perera points out that other social media platforms should face similar scrutiny. Meta, Google, and other U.S.-based companies also collect and monetize massive amounts of user data.

Berghel highlights the potential for abuse of metadata by social media platforms, especially when allied with foreign governments. He cites the Cambridge Analytica scandal, noting the risks associated with data exploitation for political purposes. Berghel stresses that China could potentially take metadata misuse beyond the level seen in past controversies, supporting regulatory measures beyond focusing solely on TikTok.

2. TikTok Stores U.S. Data Domestically—But That May Not Be Enough

A common misconception is that TikTok automatically sends U.S. user data to China. In reality, TikTok stores its American user data on servers run by Oracle, a U.S.-based company.

“The fact that Oracle already partners with TikTok means that data is managed by a company that isn’t based in China,” says Youssouf. “People pushing for this ban may lack knowledge about the app’s actual risks.”

However, cybersecurity professionals remain concerned that ByteDance could still exert influence over TikTok’s data management policies despite domestic data storage.

3. The Bigger Cybersecurity Threat: How Data Is Used, Not Just Who Owns It

Social media companies collect extensive personal information, including behavior patterns, interests, and biometric data. This extensive data collection highlights privacy concerns extending beyond TikTok.

Recent cyberattacks targeting MGM Resorts and Caesars Entertainment emphasize the critical need to prioritize how data is protected and used, rather than simply who owns it. Moody explains, “Cases like these demonstrate that the threat of data breaches extends well beyond any single app.” 

4. A TikTok Ban Won’t Stop Cyber Threats—But Stronger Regulations Could

Even if TikTok were permanently banned, cybersecurity threats wouldn’t disappear. Moody and other experts suggest a more comprehensive approach, recommending that the U.S.:

• Strengthen cybersecurity infrastructure to defend against large-scale data breaches
• Implement stricter privacy laws applicable to all tech companies, not just foreign-owned ones
• Invest in cybersecurity education to help businesses and individuals recognize and mitigate threats

While aTikTok ban may be symbolic, the UNLV experts say, comprehensive cybersecurity policies are necessary to effectively protect users across all platforms.

The Final “Scroll”: What You Need to Know

The TikTok issue highlights broader concerns about data privacy, national security, and digital protection in an interconnected world. While the current focus is on TikTok, data security issues affect all social media platforms. Even in cases where domestic data protections are in place, the UNLV experts say, concerns about foreign influence and cyber threats remain.

Ultimately, experts emphasize that banning TikTok alone won't solve the fundamental problem. Instead, stronger, comprehensive nationwide cybersecurity regulations are essential to protecting users effectively across all digital platforms.

The future of TikTok remains uncertain with ByteDance facing an April 5 deadline, but one thing is clear: cybersecurity and data privacy challenges are here to stay.