TikTok is a short-form video sharing app that has exploded in popularity since launching in 2016. The app was initially created by ByteDance, a Chinese tech company, under the name Douyin. In 2017, ByteDance launched TikTok for markets outside of China. Since then, TikTok has seen astronomical growth, amassing over 1 billion monthly active users globally as of September 2021.
TikTok’s growth has been especially significant in the US. As of July 2022, TikTok had around 70 million monthly active users in the US alone. The app’s growth was further fueled during the COVID-19 pandemic in 2020 and 2021.
However, TikTok’s rapid ascent has not been without controversy. The app has come under heavy scrutiny regarding its data collection practices and privacy policies. There are concerns that TikTok’s parent company ByteDance could be compelled by Chinese authorities to share user data or manipulate content. This has raised alarms in Western markets like the US, where regulators and policymakers have warned that TikTok poses national security risks.
While TikTok has pushed back against some of these accusations, the app is still working to address data security concerns and assure users that their information is safe on the platform.
TikTok’s Track Record on Privacy and Security
TikTok has had a concerning history when it comes to protecting user privacy and security. In 2019, TikTok agreed to pay $5.7 million to settle Federal Trade Commission allegations that it illegally collected personal information from children under 13 without parental consent. There have also been claims that TikTok censored content related to certain social and political issues.
Additionally, TikTok has faced scrutiny over potential data leaks. In 2021, cybersecurity researchers discovered vulnerabilities that could have allowed hackers to manipulate user data and reveal personal information. While TikTok patched these flaws, it raised larger concerns about the platform’s security practices and safeguards.
Critics have argued that TikTok’s data collection and storage policies, especially regarding U.S. user data being accessible from China, poses national security risks. However, TikTok claims it stores all U.S. data domestically with backups in Singapore.
Data Collection and Sharing Concerns
TikTok has faced ongoing criticism over the amount of user data it collects and shares. According to an investigation by public interest advocacy group U.S. PIRG, TikTok’s data collection practices are “excessive” compared to other social media platforms. TikTok tracks information about which videos users watch, how long they watch, and their interactions like comments, likes, and shares. The app can access users’ locations, contacts, and other sensitive data. TikTok’s privacy policy also allows broad data collection including users’ age, phone and social network contacts, and device information (Demystifying TikTok data collection).
Much of this data can be accessed by TikTok’s parent company ByteDance, which is headquartered in Beijing. There are concerns that the Chinese government could pressure ByteDance to share TikTok data. TikTok claims that U.S. user data is stored on servers in the U.S. and Singapore, but given China’s data security laws, the government likely has potential access (Demystifying TikTok data collection). This raises fears about censorship, surveillance of users, and data being handed over to the Chinese government.
Recent Improvements
In recent years, TikTok has made several changes aimed at improving privacy and security in response to ongoing concerns. Some of the most notable improvements include:
Opening of data centers outside of China – In 2022, TikTok announced plans to store U.S. user data on Oracle Cloud servers in the United States. TikTok claims this move allows them to better safeguard user data.
Increased transparency around practices – TikTok has published more details on its privacy policies and security practices, including an expanded Transparency Center and a Transparency Report. The company says this allows for greater accountability.
New privacy and security features – Users can now opt to hide some profile information like birthdays, phone numbers, and emails. TikTok also added options to control comment filters, direct messages, and account privacy. Features like Family Pairing and Screen Time Management aim to increase safety.
Oversight and Regulations
The U.S. government and governments around the world have taken steps to increase oversight and regulation of TikTok due to data privacy concerns.
In the U.S., there have been various efforts to restrict TikTok. As of June 2023, federal employees and employees in 34 states are prohibited from using TikTok on government devices, according to Wikipedia. In May 2023, Montana became the first state to pass a bill banning TikTok from all state-owned devices, with the law set to take effect in January 2024 according to TechTarget.
New laws have been proposed regarding TikTok’s data practices. For example, in 2022, a bill called the No TikTok on Government Devices Act was introduced in Congress to ban TikTok from government devices nationwide. Multiple other bills have been introduced to regulate how TikTok handles user data.
Remaining Vulnerabilities
Despite TikTok’s efforts to improve privacy and security, experts warn that the app still has concerning vulnerabilities. In August 2022, Microsoft discovered a high-severity vulnerability in TikTok’s Android app that could have enabled attackers to compromise user accounts with just a single click (https://www.microsoft.com/en-us/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/). Though TikTok patched this particular vulnerability, its discovery highlights the potential for data breaches through security flaws in the app’s code.
According to cybersecurity experts, TikTok’s API and use of deep links leaves potential avenues for malicious actors to gain access to user data (https://winsorconsulting.com/tiktok-cybersecurity-risks-2023/). In May 2023, Imperva’s red team discovered a vulnerability related to TikTok’s message handling that could reveal user activity and information (https://www.imperva.com/blog/imperva-red-team-discovers-vulnerability-in-tiktok-that-can-reveal-user-activity-and-information/). While not directly exposing personal data, vulnerabilities like this demonstrate that risks remain despite TikTok’s public commitments to security.
Overall, experts emphasize the need for continued vigilance, auditing, and patching of vulnerabilities by TikTok to protect user data. While progress has been made, TikTok’s security track record leaves lingering doubts about its ability to fully lock down weaknesses that could expose personal information.
Protecting Personal Information
There are several steps TikTok users can take to limit data collection and protect their privacy on the platform:
First, users should make their account private by going to their profile, tapping the three-line menu icon, selecting “Privacy and Settings,” and toggling “Private Account” on. This prevents videos from being seen by random users.
Second, users can limit data collection by adjusting app permissions and opting out of personalized ads. In the app settings under “Privacy,” users can select “Permissions” and toggle off access to contacts, location, camera, etc. Users can also select “Ads” in settings and toggle “Personalized ads” off.
Additionally, users should be careful about what personal information they share in their bio, videos, captions, comments, messages, etc. Sharing contact info, addresses, and other sensitive data can open the door to security risks.
Experts also recommend using a unique complex password and enabling two-factor authentication for added security (see https://cyberguy.com/tech-tips-tricks/how-to-protect-your-privacy-on-tiktok/).
While no platform can provide complete privacy, following these best practices can help TikTok users limit data collection and exposure.
The Bigger Picture on Social Media
TikTok is far from the only social media platform that has faced scrutiny over its data collection and privacy practices. Platforms like Facebook and Instagram have also been criticized for their extensive data gathering and questionable sharing policies. According to EPIC, Facebook has access to hundreds of thousands of data points about its users, and their policy allows them to share much of that data with third parties. Instagram’s privacy policy also gives them broad rights to share user data within the Facebook company.
So far there are no comprehensive federal regulations around social media privacy in the US, though there have been some efforts, like the proposed Social Media Privacy Protection and Consumer Rights Act, which would impose privacy requirements on large online platforms. However, most social media regulation occurs at the state level. Without stronger federal laws, privacy protections remain inconsistent across platforms and states, leaving gaps where user data is still vulnerable.
The Future of TikTok
As TikTok continues to grow in popularity, additional reforms and regulations are likely in order to protect user privacy and security. TikTok has already faced scrutiny from governments worldwide, so the pressure remains for further improvements. Given the app’s massive userbase, reforms will likely focus on enhancing data protection, transparency, and oversight.
TikTok could see increased competition from other social media platforms emerging as privacy-focused alternatives. Apps like BeReal, Poparazzi, and Yubo are gaining attention for their emphasis on authenticity and real connections versus algorithmic recommendations. While they may not directly compete with TikTok’s short video format, their growth highlights user demand for safer online experiences. Major platforms like Instagram and YouTube have also launched TikTok-like short form video features. Still, TikTok’s community and content discovery algorithm give it an advantage over clones. Overall, TikTok’s future likely depends on striking a balance between maintaining the app’s addictive user experience while reassuring governments and users it takes privacy seriously.
Conclusion
Despite the privacy concerns that have plagued TikTok in the past, the platform appears to have made significant strides in improving security and protecting user data. With the implementation of access controls, encryption, and transparency efforts, TikTok is heading in a more privacy-focused direction. While some vulnerabilities likely remain, the recent changes reflect a commitment to enhanced safety and security.
However, users would be wise to continue approaching TikTok with educated caution. No platform can guarantee complete data security, and TikTok’s checkered history warrants extra vigilance around sharing sensitive information. Maintaining strong privacy settings, being selective about what is posted, and avoiding oversharing personal details are all advisable safeguards.
In the fast-moving world of social media and technology, improvements often go hand-in-hand with new risks. As TikTok evolves, users must stay informed on the latest developments and make responsible decisions about how they engage with the platform. With knowledge and care, TikTok can likely become a safer place for personal expression and creativity. But a degree of wariness is still warranted to protect privacy and prevent misuse of data.