The U.S. Army is still reviewing whether the popular social-networking app TikTok, which it has used for recruitment, poses a data security or intelligence risk because of its Chinese ties.
The Army stopped allowing soldiers to use TikTok "immediately" when a possible national security issue was brought to the attention of Army Secretary Ryan McCarthy earlier this year, he told CNBC's Morgan Brennan during an interview on CNBC's Squawk Alley on Tuesday.
"We've begun a review with Army Cyber Command on the potential vulnerabilities associated with that app," McCarthy said. He said he expects to receive a brief on any vulnerabilities associated with TikTok "right around the Christmas holiday."
The app, which allows users to create short videos, is very popular with young adults including those at a prime age for military recruitment and service — the majority of TikTok's approximately 750 million users are under 30. In addition to ending the app-based recruitment push, the Army asked soldiers to discontinue use of the app, because of concerns related to TikTok's China-based parent company ByteDance and uncertainties about how the app may share information with the Chinese government.
TikTok CEO Alex Zhu told The New York Times in November that if asked by China President Xi Jinping to hand over user data, "I would turn him down." However, TikTok declined an invitation to testify at a recent congressional hearing on app security.
Sen. Chuck Schumer (D-NY) has called for an investigation into the Army's use of TikTok, and Sen. Josh Hawley (R-MO) has proposed a bill that would forbid the app and other tech companies like Apple and Google from storing the data of U.S. citizens in China.
The U.S. has been cracking down on a wide range of China-based technology firms despite ongoing protests from those companies, which include artificial intelligence and surveillance giants, as well as China's largest equipment manufacturers Huawei and ZTE.
Companies with Chinese investors are also facing a possible money crunch, as the Treasury Department's Committee on Foreign Investment in the United States (CFIUS) has been working to significantly expand its review process to include businesses in technology, infrastructure and sensitive personal data.
If approved, the new review process would be implemented in February 2020, according to the Treasury Department. As proposed, the rules would define "sensitive personal data" as wide-ranging personal information on more than 1 million users, that could "be used to analyze or determine an individual's financial distress or hardship," or relates to "the physical, mental, or psychological health condition of an individual," among numerous other qualifiers.
CFIUS has contacted TikTok's Chinese parent, Bytedance, over concerns that its acquisition of social media app Musical.ly poses a national security risk, people familiar with the situation have told CNBC.
An adverse CFIUS review can have significant implications for any company that takes money from China-based firms, including giving the U.S. power to block, modify or unwind financial transactions and investments.