The incredibly popular short video app is owned by Chinese company ByteDance, which was under US surveillance under President Donald Trump.
One of FCC commissioner, Brendan Carr shared the letter via Twitter to Apple CEO Tim Cook and Alphabet CEO Sundar Pichai.
The letter drew attention to reports and other developments in which TikTok did not comply with the two companies' app store rules.
“TikTok is not what it seems at first glance. It's not just an app for sharing funny videos or memes. “TikTok serves as a sophisticated surveillance tool that inherently collects a huge amount of personal and sensitive data,” the letter says. Letter dated June 24 on FCC's letterhead said if the Apple and Alphabet do not remove TikTok from their app stores, they should provide statements to him by July 8.
The statements should explain "the basis for your company's conclusion that the surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok's pattern of misleading representations and conduct, does not run afoul of any of your app store policies," he said.
Trump nominated Carr in 2018 to a five-year term with the FCC. The Senate confirmed in December that the commission's chair, Jessica Rosenworcel, would stay on for another five-year term.Carr's letter cited a BuzzFeed News report from earlier in the month that said recordings of TikTok employee statements indicated engineers in China had access to U.S. data between September 2021 and January 2022.In a statement to CNBC, a spokesperson said, "Like many global companies, TikTok has engineering teams around the world. We employ access controls like encryption and security monitoring to secure user data, and the access approval process is overseen by our US-based security team. TikTok has consistently maintained that our engineers in locations outside of the US, including China, can be granted access to U.S. user data on an as-needed basis under those strict controls."
On June 17, the same day as the BuzzFeed report, TikTok announced it was routing all of U.S. user traffic to Oracle Cloud Infrastructure, and was moving U.S. users' private data from its own data centers in the U.S. and Singapore to Oracle cloud servers in the U.S.