One of the fastest-growing newcomers to the social media game, TikTok, is accused of harvesting its users’ personal data and has been pinpointed as a major security threat by authorities.

TikTok is a Chinese-owned app that has risen to startling heights among the social media community in recent years. Users of the app can make short, entertaining videos, adding filters, music, and other effects. Due to the short and engaging nature of the app, it has become very popular for viral challenges. 

The TikTok content algorithms intend for videos to have high reach potential, regardless of the number of followers that the creator has. Where popular social platforms like Instagram, Facebook, Twitter, and YouTube have become brand and monetary focused, TikTok has maintained a creative identity where like-minded people can connect as a virtual community, increasing its popularity, especially among youth.

TikTok’s Worldwide Success

Here are some statistics to demonstrate TikTok’s popular position in the marketplace:

  • In 2019, TikTok was the second most downloaded free app in the world. The only app with more downloads was WhatsApp. 
  • The app has 800 million active users worldwide and has been installed on over 1.9 billion devices.
  • It is available in 154 countries and is most popular in Asia.
  • Per post, it has the highest engagement rate of all social media channels. 
  • 20% of TikTok’s revenue comes from the USA and 69% of its revenue comes from China.
  • 90% of active users use the app multiple times every day.

With such strong popularity worldwide, harvesting user data would be an egregious breach of privacy. However, issues have been identified recently that position TikTok as a major security threat according to authorities.

TikTok Security Concerns

The security concerns were first brought to light publicly in early 2019. Rival social media companies questioned the data collecting and sharing processes of the app. This prompted a call for action and investigation against the company. Government officials publicly warned people of their suspicions, including that TikTok’s privacy policies and security procedures were ambiguous at best.  

The general feeling of distrust and suspicion was fueled further in early 2020. On April 8th, a Reddit thread exploded when a user claimed to have reverse-engineered the app, subsequently finding suspicious and intrusive user tracking. The thread detailed a host of privacy issues within the app. The user claimed that TikTok was a “data collection service that is thinly-veiled as a social network.” 

The Reddit user suspected that TikTok has been using an API to collect private information on users, users’ contacts, or users’ devices. There have also been claims that TikTok had been harvesting data involving the following:

  • Phone hardware: CPU type, hardware ID, memory usage, disk space, etc.
  • Other apps installed on your device.
  • Network information: IP addresses, routers, Wi-Fi information.
  • Information on whether or not your device has been rooted or jailbroken.
  • GPS data.
  • A proxy server (intended for “transcoding media”) that has zero authentication.

What We Know About TikTok’s Data Harvesting

Since these claims, some security researchers have refuted the allegations and claimed that the information that TikTok collects on its users is in line with the regular standards for social media apps. Beyond the speculation and allegations, however, here are some key points that we know for sure about TikTok’s information gathering:

  • TikTok records all information involved in creating content or messaging, including drafts, deleted content, and content or messaging that was never posted. 
  • Keystroke dynamics, indicating where you touch or swipe your screen, are recorded. These patterns are significant. No other social media platforms claim to capture this data.
  • TikTok absorbs all information about your device. This is standard practice for the majority of social apps. 
  • Access to your contacts is granted with your permission.
  • TikTok determines what you’re interested in and generates a custom feed to provide content that you will enjoy. The main issue with this is that developers in China can potentially manipulate what content you see. This can lead to subliminal messaging, persuasion, censorship, and other intrusive acts. 

While there is still much speculation regarding whether or not TikTok is harvesting users’ data illegally, national governments and those studying the app have noted significant security concerns tied to the app. 

What Can Users Do?

One thing that is certain is that TikTok does collect a lot of information from its users. Security experts therefore suggest working with a trained managed IT security professional to ensure your devices are properly managed to secure private data and avoid breaches of personal information. 

Working with a security expert is especially critical if, as a business owner, your employees use TikTok on the same devices they use to access company data. This is becoming more common as employees are working from home and are often subject to BYOD policies. Downloading and using TikTok on the same device your employees work from could put company data at risk.

As studies continue on the legality of TikTok’s data harvesting and the security threats it could pose, it’s wisest to be extremely cautious when using the app, if you use it at all. Ensure your privacy settings are set to protect your private information, and make sure you are fully aware of the privacy you may be compromising by agreeing to their usage policies.