TikTok is one of the world’s fastest growing social media platforms, with over 1 billion monthly active users as of 2022. First launched in China as Douyin in 2016, TikTok rapidly gained popularity worldwide after launching internationally in 2017. Within just a few years, TikTok has become a top social app and is considered the home for short-form mobile videos.
Some key statistics on TikTok’s incredible growth include:
- TikTok was downloaded more than 175 million times in Q3 2022, the most downloads ever for any app in a single quarter (Source: https://www.konstructdigital.com/content-marketing/tiktok-stats-roundup/)
- TikTok had over 1 billion monthly active users as of September 2021 (Source: https://bloggingwizard.com/tiktok-statistics/)
- TikTok was the most downloaded app worldwide in 2020 and 2021 (Source: https://www.charle.co.uk/articles/tiktok-statistics/)
With this massive growth and popularity, TikTok has also faced growing security and privacy concerns, which we’ll explore throughout this article.
TikTok’s Security Challenges
TikTok has faced widespread criticism and scrutiny over its security practices and protection of user data and privacy.Kaspersky notes that TikTok has been banned at various times by the US military and government agencies due to data privacy concerns. Specifically, the app’s Chinese ownership and the possibility it shares data with the Chinese government has caused alarm. There are also concerns around TikTok’s access to user location, metadata, browsing history and more.
Additionally, TikTok has faced challenges around properly moderating content and preventing the spread of misinformation, hate speech, and dangerous challenges. Critics argue TikTok’s algorithms can promote negative content and impact mental health. Controversial moderation decisions have also highlighted inconsistencies in TikTok’s community guidelines enforcement.
TikTok’s In-House Security Team
TikTok employs a sizable in-house security team to protect its platforms and user data. While the exact number is not publicly disclosed, experts estimate TikTok’s security division numbers in the hundreds of employees.
TikTok’s internal security team focuses on several key areas:
- Application security – Ensuring TikTok’s mobile apps and back-end systems are secure through testing and monitoring.
- User privacy – Developing and enforcing policies to protect user data and comply with privacy regulations.
- Incident response – Detecting and responding quickly to security incidents like data breaches.
- Threat intelligence – Researching cyber threats and vulnerabilities to stay ahead of potential attacks.
- Security engineering – Building security into TikTok’s software development lifecycle and infrastructure.
With scrutiny growing around TikTok’s security, the company continues to expand its in-house expertise across these critical domains.
Third-Party Security Contractors
TikTok hires outside security contractors to supplement its in-house security team. This provides additional expertise and allows TikTok to scale up security rapidly as needed. Some of the major third-party security contractors TikTok has worked with include Triple Canopy, a private security company contracted by the U.S. government, and Project Interceptor, an Israel-based cyber intelligence firm.
According to reporting by The Intercept, TikTok recruited heavily from U.S. military contractors like Triple Canopy to staff its security operations, especially for moderating content and cyber threat analysis. TikTok has come under criticism for hiring Western contractors with military and intelligence backgrounds, given concerns about TikTok’s ties to China.
Relying on third-party security firms provides TikTok with additional capacity and expertise. However, it also raises questions about accountability and the extent to which TikTok controls its security policies versus outsourcing decision-making to contractors. Oversight and management of third-party security teams remains an issue for TikTok to address.
Security Budget and Spending
Much of TikTok’s overall security budget is not disclosed publicly. However, reports indicate that the company has significantly increased its security spending in recent years. In 2021, TikTok reportedly allocated over $1.5 billion specifically for data security efforts in the US, representing a threefold increase from the previous year. This large investment came amid growing scrutiny from US regulators over data privacy and national security concerns.
More recently in 2022, TikTok made headlines when disclosures revealed New York City had spent nearly $300,000 on TikTok advertising campaigns, even as warnings emerged about security risks of using the app. This example highlights the substantial amounts being directed towards TikTok ads and promotions, portions of which likely support the platform’s overall security protections.
While the total security budget is not public, TikTok’s parent company ByteDance reported $34.3 billion in revenue for 2021. Industry analysts estimate ByteDance spends 10-15% of revenue on security, which would equate to $3.4 – $5.1 billion annually. However, the exact budget for TikTok security remains unknown outside the company.
Salaries for Security Roles
TikTok offers competitive salaries for key cybersecurity positions. According to Glassdoor, the average base salary for a Security Engineer at TikTok is $137K per year, with additional pay averaging $46K per year which could include bonuses or stock options [1]. For Information Security Analyst roles, Glassdoor indicates an average base salary of $102K [2]. According to ZipRecruiter, the average annual pay for a Software Engineer at TikTok is $147,524 [3].
These salary ranges demonstrate TikTok’s willingness to pay top dollar to recruit and retain expertise in key cybersecurity roles. As a leading social media platform handling massive amounts of sensitive user data, TikTok recognizes the importance of information security and compensates their security team accordingly.
Security as a Priority
For TikTok, security has become an utmost priority in recent years. In a 2020 blog post, TikTok stated that “Security is constantly evolving, and our team is committed to meeting the challenge head-on. We will continue to build a safe and secure app for our community” (source). With growing security threats like hacking and breaches, TikTok has invested heavily in keeping its platform and user data protected.
Some key evidence showing TikTok’s focus on security includes:
- Establishing a cybersecurity team called TikTok US Data Security (USDS) focused solely on platform security
- Partnering with third-party firms to regularly audit and test its security systems
- Quickly patching any vulnerabilities identified by internal teams or external researchers
- Implementing end-to-end encryption for user data in transit and at rest
- Providing users with tools to enhance account security and privacy
With data security being central to maintaining user trust and engagement, TikTok seems committed to making it a high priority moving forward.
Security Improvements
TikTok has implemented several recent security improvements to better protect user data and privacy. In July 2022, TikTok announced that all new U.S. user data will be stored by Oracle, providing added security and oversight (https://www.houseofmarketers.com/tiktok-security-evolution-updates-implications/). TikTok is also using encryption to secure user data in storage and during transmission. According to TikTok’s transparency report, 100% of TikTok user data in transit is encrypted using TLS (https://www.tiktok.com/transparency/en/security-privacy/). Additionally, TikTok has partnered with security firms to identify and fix vulnerabilities through bug bounty programs.
Industry Comparisons
When it comes to security, TikTok faces scrutiny that some of its competitors do not. As a Chinese-owned company, TikTok is perceived to have closer ties to the Chinese government than American social media platforms like Facebook, Instagram and Snapchat (Time, 2023). This leads to concerns that user data could be accessed by the Chinese government or used to advance its interests.
However, TikTok claims it stores American user data in servers based in the United States and Singapore, keeping it segregated from data stored in China. TikTok also points out that its competitors, especially Facebook, have had their own major data and security issues in recent years (KXAN, 2023).
In terms of actual cybersecurity practices, it’s difficult to directly compare companies. Each platform utilizes its own mix of in-house experts and third-party security services. However, experts argue the security threats users face are similar across platforms and that TikTok has shown initiative in addressing concerns (MSUDenver, 2023).
While debates continue around data privacy and ties to China, from a cybersecurity standpoint, TikTok appears as secure as competitors. And all major platforms still have work to do in protecting user data and preventing breaches.
Conclusion
In summary, TikTok dedicates significant resources and budgets to cyber security in order to protect its platform, data, and users. As the app continues to grow rapidly around the world, security threats and challenges will persist. However, with its investments in in-house security teams, third-party security services, infrastructure, and compliance, TikTok appears committed to strengthening its security defenses. While its security practices have room for improvement, especially compared to more established tech giants, TikTok seems focused on making security a priority now and into the future.
Looking ahead, TikTok is likely to continue expanding its security capabilities, hiring more cybersecurity professionals, refining its security infrastructure, and partnering with experts to implement best practices. With strong security as a foundation, TikTok can continue working to build user trust, roll out innovative features, and maintain rapid growth as a leading social media platform worldwide. While security risks won’t disappear, a vigilant approach to security will enable TikTok to thrive as a globally popular brand.
