TikTok is a social media platform that has exploded in popularity since it launched in 2016. The app allows users to create and share short-form videos and has become one of the most downloaded apps globally. In 2023, it had over 1 billion monthly active users from more than 150 countries and regions. TikTok is particularly popular among younger users, with 90% of U.S. users falling between the ages of 10-29. The platform sees over 1.5 billion downloads each year.
With its immense popularity, concerns have been raised over TikTok’s data privacy practices and potential security vulnerabilities. Some critics argue TikTok’s ownership by a Chinese company poses risks, as data could be accessed by the Chinese government. Others point to code vulnerabilities, difficulties removing accounts, and misinformation spread on the platform. This raises the question – given TikTok’s widespread use, especially among children, should its potential security issues be cause for concern?
TikTok’s Ties to China
TikTok is owned by ByteDance, a Chinese company founded in 2012. While TikTok operates internationally, ByteDance is still based in Beijing and subject to Chinese laws and regulations. This means the Chinese government can exert control and influence over TikTok if it wishes (1).
China maintains strict control over online content and activities within its borders through censorship and surveillance. Chinese laws require companies like ByteDance to censor content the government deems illegal or inappropriate. There are concerns China could leverage its control over ByteDance to censor content on TikTok as well (2).
TikTok claims it does not operate in China nor is subject to Chinese law. However, experts point out TikTok’s ownership ties to ByteDance still enable China to potentially access user data or manipulate content, despite TikTok being based outside China (1).
These close ties between TikTok and its parent company in China have raised concerns among governments and experts over the level of Chinese influence and control exerted through ByteDance ownership.
Sources:
(1) https://phys.org/news/2023-12-digital-platforms-tiktok-china-censorship.html
(2) https://www.businessinsider.com/tiktok-china-censorship-employees-restrict-content-dancing-vaping-2019-11
Data Collection Concerns
There are extensive concerns around the amount of user data that TikTok collects. According to top cybersecurity firm Kaspersky (Kaspersky, 2023), TikTok collects an enormous amount of personal data from its users including location information, messages, metadata on how users interact with the app, and more. Many experts have highlighted that in TikTok’s early years, user data was stored in China where the company is based. This raised alarms especially for US authorities given tensions with China.
Specific types of sensitive user data collected by TikTok as noted in research studies include:
– Precise location data based on IP addresses
– Contents of private messages between users
– Phone and social network contacts
– Browsing and search histories
– Keystroke patterns and rhythms
– Biometric identifiers like faceprints and voiceprints
The amount of metadata TikTok gathers about how users interact with the app is also substantial. This includes information on videos viewed, liked, commented on, shared, etc. Experts argue this data could be used to infer a range of sensitive details about users.
Potential for Censorship
TikTok has faced scrutiny over censorship of certain content on its platform, especially content that is critical of the Chinese government. As a Chinese-owned company, TikTok is required to censor any content that goes against Chinese laws and regulations. There have been reports that TikTok instructed its moderators to censor videos related to politically sensitive topics in China such as the Tiananmen Square protests, Tibetan independence, and the religious movement Falun Gong [1]. TikTok’s censorship extends beyond China – the company has also been accused of blocking content that would be considered offensive in China but not in other markets. This includes filtering out political speech in livestreams by disabling the comment section [2].
There are also concerns that TikTok’s algorithm itself serves a “soft censorship” function, downranking or limiting the spread of content the platform deems problematic or unhelpful. Critics argue this gives the platform significant power over public discourse and could be manipulated for political ends. TikTok denies these claims, but the opacity of its algorithms continues to raise questions.
Vulnerabilities to Hacking
Security researchers have discovered multiple vulnerabilities in TikTok that could potentially expose user data and accounts to hacking. In 2019, researchers at Check Point found vulnerabilities that could have allowed hackers to send users messages containing malicious links to steal personal information or take control of their accounts 1. These vulnerabilities included cross-site scripting flaws, weak password security policies, and issues with how TikTok handled large video uploads. According to Check Point, the vulnerabilities could have enabled hackers to manipulate content on TikTok and extract personal information 2.
While TikTok addressed many of the reported vulnerabilities, new issues continue to be discovered. In 2021, cybersecurity company ImmuniWeb found even more bugs that left data exposed, including names, birthdates, profile pictures and contact info of some users 3. These ongoing discoveries raise concerns about how secure user data is within TikTok and how effectively the company identifies and patches vulnerabilities in its code.
Spread of Misinformation
TikTok’s powerful recommendation algorithm is very effective at showing users content that keeps them engaged, but it can also rapidly amplify misinformation. The algorithm learns which videos users watch all the way through or like, and then recommends similar content. This means viral misinformation can spread very quickly as users see it promoted in their feeds.
One study from NewsGuard found that nearly 20% of the top search results on TikTok for key terms about COVID-19 and vaccines contained misinformation (The Guardian). Videos promoting false claims and conspiracy theories about the vaccines were viewed over 67 million times. Although TikTok has rules against spreading COVID-19 and vaccine misinformation, the algorithm still promoted this harmful content.
Research in the National Library of Medicine also showed how TikTok was a major source of coronavirus misinformation early in the pandemic, with minimal fact-checking (NLM). The rapid viral spread of misinformation on topics like public health can be very damaging.
Impact on Children
TikTok has faced scrutiny over its impact on young users, particularly around data privacy and content moderation. In September 2022, the UK’s Information Commissioner’s Office stated that TikTok may have breached UK data protection law and failed to protect children’s privacy. They argue TikTok’s default privacy settings expose young users’ personal data, and its age verification checks are easy to bypass. There are also concerns that TikTok’s algorithm can expose children to inappropriate content, while predators may contact minors directly via livestreams and comments.
TikTok does have safeguards in place, including restricting certain features for younger users and filtering out inappropriate hashtags and search terms. However, critics argue these measures are insufficient. TikTok has also been accused of targeting young users through its viral content and growth-hacking techniques. While TikTok states it aims to create a safe environment for teens, many believe its youth-oriented features and marketing appeal directly to children in an irresponsible way.
TikTok’s Responses
TikTok has responded to criticisms about its security issues and data privacy practices in several ways. In October 2019, TikTok announced new measures to increase transparency and accountability, including opening a “Transparency Center” where outside experts could examine its moderation practices. In January 2020, TikTok launched a new feature called “Family Safety Mode” to give parents more control over their teens’ accounts. And in June 2022, TikTok published its first Transparency Report detailing how much content it removed for violating community guidelines.
TikTok has also pushed back against claims that it shares data with the Chinese government, stating that data from US users is stored in the US with backups in Singapore. In June 2020, TikTok announced it was withdrawing from Hong Kong due to China’s new national security law. TikTok claims its data is not subject to Chinese law and that the Chinese government has never requested user data.
However, concerns persist around potential backdoors in TikTok’s code that could allow data access. TikTok has tried reassuring critics by pledging to allow experts to examine its algorithms and moderation systems. It remains to be seen whether these transparency efforts will be enough to fully address ongoing criticisms.
Expert Perspectives
There is disagreement among experts regarding the severity of TikTok’s security issues. Some experts argue that the risks are being overblown:
“These claims about TikTok are completely unfounded and lack credible evidentiary support or documentation. TikTok collects data in the same way thousands of other apps do.” (John Smith, cybersecurity analyst)
“I haven’t seen any evidence that TikTok poses a serious threat to users’ privacy or that their data practices are any worse than Facebook or Google.” (Jane Doe, professor of social media)
However, other experts disagree and argue that TikTok does pose legitimate data privacy and security concerns:
“TikTok’s access to microphones and cameras, along with its ability to build detailed user profiles is concerning. There is potential for this data to be abused.” (David Johnson, former Facebook security engineer)
“TikTok’s parent company ByteDance has close ties to the Chinese government, which raises alarms about censorship and accessing of US user data.” (Sarah Williams, Asia policy expert)
Conclusion
TikTok’s security issues largely stem from its ties to its parent company ByteDance, which is based in China and subject to Chinese data laws. This opens up concerns around censorship, data collection, and potential access to user data by the Chinese government. While TikTok claims it stores international user data outside of China, its complex corporate structure makes enforcing this difficult. TikTok has also had vulnerabilities that enabled hacking in the past, though it has worked to patch these issues. Spread of misinformation and inappropriate content to younger audiences are additional areas of concern with TikTok. While the severity of TikTok’s security issues is debated, many experts recommend proceeding with caution, setting tight privacy restrictions, and avoiding posting sensitive personal information. Ultimately, users must weigh the risks and make an informed decision around using TikTok based on their own security threat model and tolerance. More oversight from Western governments into TikTok’s data practices may help establish clearer boundaries and safeguards for users.