The Chief Administrative Officer in the U.S. House of Representatives warned members of Congress on Wednesday against using TikTok while serving in an official capacity as elected representatives. 

The two-page memo to Capitol Hill staffers provides recommendations against downloading or using TikTok, which is owned by China-based company ByteDance. 

The memo, which was obtained by Politico, cites national security concerns and advises congressional staffers not to use TikTok as a messaging medium due to the security issues posed by the app. 

Specifically, the memo mentions how TikTok requires excessive permissions from users' iPhone or Android devices and is not wholly transparent in how it protects its user data. The memo also mentions how TikTok harvests phone content, including information that could be potentially sensitive. 

“TikTok is a Chinese-owned company, and any use of this platform should be done with that in mind,” the memo stated. “The ‘TikTok’ mobile application has been deemed by the CAO Office of CyberSecurity to be a high-risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks involved with its use. Additionally, we believe the user base should be aware that this application is known to store users’ Data Location, Photos, and other Personally Identifiable Information (PII) in servers located in China and potentially mined for commercial and private purposes.” 

“TikTok ‘may collect biometric identifiers and biometric information as defined under US laws,’ including ‘faceprints’ and ‘voiceprints,’ from videos users upload to their platform,” the memo continued. 

The memo details how TikTok automatically collects information about any device that uses the app, including details about the device's sim card, IP address, and geolocation data. 

The information harvested by the app also includes users' use habits, data sent in messages on the app itself, upload metadata, cookies, file names contained on the device, battery life, and keystroke patterns and rhythms. 

The CAO highlighted specific security concerns including: 

• Device mapping – the device can gather all other apps on the phone and retrieve other apps that are running
• The app checks the device’s location every hour
• The app has ongoing access to the phone calendar
• The app “continually requests access to contacts until given”
• The app requests external storage access
• The app saves images in the device’s photo album

“To reiterate, we do not recommend the download or use of this application due to these security and privacy concerns,” the memo stated, noting that the U.S. military had issued similar orders in 2020.