
With 170 million Americans still reeling from a ban that was on and then off again — all in under 24 hours — the implications of what actually happened are starting to hit home. Putting aside the prospect of another ban, which is not off the table, what is clear is that a nightmare for millions of iPhone and Android users has now come true.
First, there is now a major security issue in the U.S., with TikTok’s removal from app stores preventing users from updating the app or installing it afresh. This isn’t an issue today, although no one should buy an iPhone with TikTok preinstalled, regardless of the price. The app has been recently updated, and as long as you have this latest version, you’re protected. But this will become a security black hole — any vulnerability found within TikTok cannot be patched.
That’s a short-term (one way or another) localized issue to the U.S. But there’s a much deeper issue that has implications in much darker parts of the world than the TikTok strongholds of Miami, LA and Chicago.


Ahead of the short-lived U.S. ban, users were advised that a VPN would enable them to bypass restrictions and access the platform. There were even sponsored ads for VPN providers that used TikTok’s ban as a lure. And while some of us warned that VPNs would likely not work because TikTok’s entire U.S. platform would shut down, that didn’t fully land until Sunday the 19th, when users across the U.S. reported exactly that.

So we looked and found that VPNs are not working to bypass the ban. ByteDance seems to be completely committed to preventing even a single U.S. user from accessing their TikTok account. If your TikTok account was created in the U.S. or with an American SIM, then changing your IP address or spoofing your GPS data won’t unblock TikTok as you would normally expect.

One of the reasons for this is quite specific to TikTok and its U.S. setup. Because its infrastructure partners were hit by the ban, the decision was taken to turn off the backend. This meant that the usual data architecture that a U.S. TikToker would access was down. This is very different from an IP block, where traffic is restricted at the network level and which a VPN can get around by masking a user’s location and tunneling through a location outside the restricted area.
But it was also clear that TikTok was applying the spirit of the ban to the fullest extent possible. Any U.S. users with a U.S.-registered account were denied access — even if they were outside the U.S. at the time. It also seemed clear that TikTok was looking at other geographic signals, possibly including the SIM identifier in a phone, which shows where it was registered, and the regional location of the Google Play Store or Apple App Store from which the app was downloaded and installed.
This has two knock-on effects that are much longer term. First, we now know that a U.S. TikTok ban will be difficult to bypass if it comes back — and the same will be true for any other Chinese (or other) app banned in the same way. There are some options, as I reported over the weekend, but none of them are especially compelling.
The second and much bigger issue is outside the U.S., where iPhone and Android users in “dark” countries rely on VPNs to access social or mainstream media content. We have seen apps dropped by Google and (especially) Apple to comply with local laws, including, ironically, VPNs, but millions of users still successfully use VPNs as workarounds. Make no mistake, there was real surprise at how extensive TikTok’s adherence to the ban was last weekend. Interested parties will include those blocking content in China, Russia, Iran and elsewhere, who are losing their battles to fully block content access.

According to ESET’s Jake Moore, “TikTok’s U.S. ban was enforced by shutting down its backend infrastructure and blocking access based on account details, SIM identifiers and app store regions, meaning VPN usage was, for once, not the simple bypass many assumed would work at scale. This approach goes far beyond well thought out traditional methods, effectively denying access in one fine sweep. In fact, it sets a worrying precedent with far-reaching implications for global content control and digital censorship in our not too distant future.”
TikTok’s ban will usher in a new playbook as to how it’s possible to deny an entire country’s population access to one of its most popular social media platforms in an instant. Not for web access, which will remain open, but certainly for apps that are installed locally and especially those that know the regional location of their user. I don’t expect anything to change immediately, but in China and Russia and some Middle Eastern countries in particular, I do expect a response. This could have implications for apps that cross lines on political, sexual or other freedoms in certain countries.
The art of the possible has suddenly changed — and that means a nightmare for millions of users just came true.