TikTok has become one of the most popular social media platforms in the world, with over 1 billion monthly active users. The app allows users to create and share short videos set to music. TikTok is owned by the Chinese company ByteDance.
However, TikTok’s meteoric rise has raised concerns, especially in the US, about potential security risks and data privacy issues. Lawmakers and security experts worry that TikTok may share sensitive user data with the Chinese government, given China’s laws regarding cooperation of technology firms with authorities. There are also concerns about content moderation and censorship.
This article examines the security issues surrounding TikTok, including its access to user data, encryption and other safeguards, vulnerabilities, and comparisons to similar apps. It provides an analysis of the potential risks and steps users can take to enhance security. The goal is to evaluate if it is safe for iPhone users to install TikTok given the security concerns.
TikTok’s Access to User Data
TikTok collects an extensive amount of user data and has access to a range of information beyond what’s needed for an average social media app. When users sign up for TikTok, the app automatically begins collecting data such as device information, location, and browsing history (source).
Some of the key types of data TikTok accesses includes:
- Precise location data, including GPS coordinates and nearby WiFi network info
- Contacts, phone numbers, and call logs
- Camera and microphone permissions
- User interests and activity on the app for targeted advertising
- Potentially sensitive biometric data through its facial recognition feature
Much of this extensive data collection goes beyond what’s needed for the app to function. There are concerns around what TikTok may be doing with this data behind the scenes given its ownership by a Chinese company (source).
Potential for Data Mining
One of the biggest concerns around TikTok is the potential for its parent company ByteDance to mine user data. TikTok collects a significant amount of data on its users including browsing history, location, and device information [1]. While TikTok stores American user data in the US and Singapore, the data could still be accessed and analyzed by ByteDance in China [2].
Specifically, there are concerns that ByteDance could use advanced algorithms and artificial intelligence to mine TikTok user data to determine content preferences, identify key influencers, and gain insights into users’ interests and behaviors. This rich data could potentially be used by the Chinese government to censor content, surveil citizens, or advance Chinese interests [2].
While TikTok claims that Chinese employees do not have access to US user data, some cybersecurity experts argue there are still risks, as source code and algorithms could potentially be designed to identify and extract sensitive user information and send it back to China [1].
Encryption and Security Safeguards
TikTok utilizes encryption and access controls to help keep user data secure. Certain elements of user data are encrypted, according to TikTok’s privacy policy [1]. TikTok states they use industry-standard encryption algorithms to encrypt data both in transit and at rest. The encryption keys are stored securely in a key management system with limited employee access [2].
Additionally, TikTok has implemented access controls that limit employee access to user data based on job function. The company states that access to user data is subject to several robust controls, including encryption for certain sensitive data. TikTok classifies data internally to determine appropriate levels of encryption and access [2].
While TikTok’s encryption and access controls provide important safeguards, some experts note they do not provide end-to-end encryption, which would prevent even TikTok employees from accessing certain user data in decrypted form [3]. Overall, TikTok does appear to utilize standard security measures, but some vulnerabilities may remain depending on the classification of data.
Vulnerabilities and Hacking Risks
TikTok has faced scrutiny over potential security vulnerabilities that could expose user data. In 2022, cybersecurity researchers discovered multiple issues that could allow hackers to access TikTok user accounts and private information like names, emails, birthdays, and videos watched (TikTok Security Vulnerabilities Could Expose User Data).
One vulnerability, calledOAuth issues, affected TikTok’s implementation of OAuth 2.0, allowing threat actors to masquerade as legitimate users and access private videos, user analytics data, and email addresses (TikTok Cybersecurity Risks: What You Need to Know In 2023). TikTok has patched these OAuth vulnerabilities, but security experts warn that new issues could emerge.
In addition, an Imperva Red Team investigation in 2022 revealed a vulnerability that exposed TikTok users’ watched videos, search history, and account details to malicious actors (Imperva Red Team Discovers Vulnerability in TikTok). While TikTok addressed this flaw, the incident highlighted the app’s potential for data exposure.
Though risks exist, TikTok seems to be taking steps to identify and resolve security issues. Users should enable two-factor authentication and remain vigilant about potential hacking schemes targeting TikTok accounts.
Comparisons to Other Apps
When it comes to data collection practices, TikTok gathers more user data than other major social media platforms like Facebook, Instagram, and Snapchat. According to a 2022 study, TikTok collects data on a user’s browsing history, keystrokes, location, biometrics, and content of messages (1). Facebook and Instagram collect less data by comparison, focusing more on users’ locations, browsing history, and content preferences (2).
Some key differences in TikTok’s data collection versus other apps:
- TikTok collects keystroke patterns, while Facebook and Instagram do not (1). This allows TikTok to gather insights about users’ typing speed and habits.
- TikTok gathers more granular location data including nearby wifi networks. Facebook and Instagram collect basic location data on where posts originate (2).
- TikTok collects extensive data on messages sent within the app, while Meta’s apps collect limited message data (2).
When it comes to encryption, TikTok uses HTTPS encryption during transmission like other social media apps. However, TikTok’s encryption practices for stored data are unclear compared to Meta’s apps which encrypt data at rest (3).
In terms of vulnerabilities, TikTok faced security issues like JSON hijacking in 2021 which allowed manipulation of user profiles (4). Facebook and Instagram have also faced vulnerabilities, but their scale has been more limited compared to TikTok’s massive userbase.
Overall, TikTok’s data collection breadth, unclear encryption standards, and large attack surface make it stand out versus competitors when it comes to potential privacy and security risks.
Sources:
(3) https://us.norton.com/internetsecurity-privacy-what-you-need-to-know-about-tiktok.html
Steps Users Can Take
There are several steps users can take to enhance their privacy and security if using TikTok on iPhone:
- Enable all privacy settings like private account, comments filter, suggested users, etc. (Privacy and Security | TikTok)
- Be selective in sharing personal information like real name, birthday, location, etc.
- Turn off data collection for ads in the app’s privacy settings.
- Don’t connect social media accounts like Instagram or Facebook.
- Create a complex password and enable two-factor authentication.
- Regularly clear the app’s cache and data.
- Don’t click on suspicious links in messages or comments.
- Install security updates as soon as they become available.
Taking precautions like limiting sharing, using privacy settings, and being wary of suspicious links and messages can help iPhone users utilize TikTok more securely.
Apple’s Role
As the gatekeeper of the iOS App Store, Apple plays an important role in reviewing and approving apps like TikTok before they can be downloaded by iPhone users. Apple has a strict App Review process and detailed guidelines that all apps must comply with in order to be accepted into the App Store. This includes specific policies around user privacy, data collection, and security.
Regarding privacy, Apple’s guidelines state that apps should only request access to user data that is relevant for the core functionality of the app. Apps are also required to clearly disclose what user data will be collected and how it will be used. While TikTok’s data collection practices have raised some concerns, Apple’s review process aims to ensure apps adhere to these privacy standards before being allowed in the App Store.
Overall, Apple aims to provide iPhone users with a trusted, secure platform for downloading quality apps. But the company ultimately cannot control what apps like TikTok do with user data after the apps are installed and running on users’ devices. So while Apple provides some safeguards in the App Store review process, the user still bears some responsibility for understanding the potential risks before installing apps like TikTok.
The Verdict
Based on the information presented, installing and using TikTok on an iPhone does come with some risks that users should be aware of. However, these risks may not be substantially greater than other popular social media apps.
The main concerns with TikTok are its access to user data, potential for data mining, and vulnerabilities to hacking. However, TikTok does use encryption and other security measures to protect user data. Furthermore, all social media apps collect significant amounts of user data and face risks of data breaches.
In comparison to apps like Facebook or Instagram, TikTok does not appear to present uniquely high risks for iPhone users. While its parent company ByteDance is based in China, TikTok’s data collection and security practices are similar to other major tech firms.
Ultimately, users must decide for themselves if TikTok’s features and appeal outweigh the potential risks. There are steps iPhone users can take to boost security and minimize data collection, such as adjusting app permissions, using strong passwords, and enabling two-factor authentication. But no app today can guarantee complete data privacy.
For most iPhone users, installing TikTok is likely a reasonable risk, albeit with the need for awareness and caution around data sharing and account security. With proper precautions, TikTok can likely be used safely by the majority of iPhone owners.
Sources
Henderson, B. (2021, August 14). Is TikTok safe? Experts weigh in on the video app’s security issues. GMA. https://www.goodmorningamerica.com/family/story/tiktok-safe-experts-weigh-video-apps-security-issues-79340992
Nightingale, S. (2020, July 9). Is TikTok Secure? Forbes. https://www.forbes.com/sites/stephanienightingale/2020/07/09/is-tiktok-secure/?sh=67009a6146f8
Apple. (2022). App store privacy details: TikTok. Apple. https://apps.apple.com/us/app/tiktok-make-your-day/id835599320#?platform=iphone
Matney, L. (2020, March 4). Everything you need to know about TikTok. TechCrunch. https://techcrunch.com/2020/03/04/tiktok-what-is-it/
Cao, J. (2021, June 22). What Apple and FBI have said about hacks of iPhones. The Wall Street Journal. https://www.wsj.com/articles/what-apple-and-fbi-have-said-about-hacks-of-iphones-11624378602
Whittaker, Z. (2019, March 5). TikTok vulnerability allowed hackers to download user videos. TechCrunch. https://techcrunch.com/2019/03/05/tiktok-flaw/