The concerns about TikTok are that it's potentially Chinese government spyware because TikTok is owned by a mainland Chinese company which has legal obligations to the Chinese government.
Zoom is a US company that is not answerable to the Chinese government. Like many companies, Zoom has chosen to outsource some of its operations, and those overseas offices create various infosec risks. And given that Zoom infosec seems to be a total clown show, those infosec risks are probably more serious at Zoom. But that would be equally true of any other American company that is really lax about security and too cheap to employ American developers.
Not entirely true. While Zoom as a company is not answerable to the Chinese government, the developers are.
Given that we have such horrible laws even in the "more democratic" parts of the world, such as Australia [1], it is not unthinkable that the Chinese government may ask a Chinese developer to install a backdoor to a foreign based product they are working on:
> The Electronic Frontier Foundation has said police could order individual IT developers to create technical functions without their company's knowledge.
except its not an office, its the majority of their dev team operating inside one of the top 3 unsafest, most anti-american (with respect to cybersecurity) countries in the world.
> Zoom is a US company that is not answerable to the Chinese government.
If that was true, then events like the Huawei USA "Tappy" [1] incident wouldn't have occurred. In any case, I'm not trying to take a stance here but merely wanted to correct your statement that they had more engineers in the US than in China.
Their employees are mostly American, as I originally stated. Their engineers are not.
Huawei USA is almost certainly majority controlled by Huawei China, whereas Zoom's Chinese subsidiary is almost certainly majority controlled by the US parent company. Hence, Huawei is a Chinese company for practical purposes (the people calling the shots will go to jail if they don't do what the CCP wants) and Zoom is an American company (the people calling the shots go to jail if they break American law, and are mostly out of reach of the CCP).
Zoom is a US company that is not answerable to the Chinese government. Like many companies, Zoom has chosen to outsource some of its operations, and those overseas offices create various infosec risks. And given that Zoom infosec seems to be a total clown show, those infosec risks are probably more serious at Zoom. But that would be equally true of any other American company that is really lax about security and too cheap to employ American developers.