TikTok is a hugely popular social media app, especially among teenagers and young adults. As of 2022, TikTok has over 1 billion monthly active users globally. However, concerns around TikTok’s data collection practices and links to the Chinese government have raised alarm bells when it comes to user privacy.
TikTok is owned by the Chinese company ByteDance. There are fears that TikTok may be sharing user data with the Chinese government, although TikTok has denied these claims. Still, many experts warn that TikTok collects vast amounts of data from users’ devices and online activities.
Specifically, TikTok has come under fire for the types of user data it gathers, including location information, browser history, contacts, phone identifiers, and more. TikTok also tracks user interactions within the app to target personalized ads and recommendations.
In light of these concerns, U.S. lawmakers and officials have considered banning TikTok or forcing ByteDance to sell it. Understanding exactly what data TikTok accesses on users’ phones is important for assessing the privacy risks involved.
Location Data
TikTok accesses a user’s location data even when the app is not in use. According to a 2021 study by WLFA, TikTok collects location data based on a device’s SIM card and IP address. The study found that TikTok was able to determine a user’s location to a very precise level, down to the altitude and speed at which they were traveling.
This extensive location tracking allows TikTok to build detailed profiles about its users’ movements and habits. The data can be used by TikTok and third-party advertisers to target ads and recommendations. Users have limited control over this background location tracking, besides revoking app permissions entirely.
Contacts
TikTok automatically uploads your phone contacts without consent when you first sign up for an account. According to TikTok’s support page, the app accesses your contacts in order to help you find and connect with friends who also use TikTok. Once your contacts are uploaded, TikTok will match your contacts against existing user profiles and suggest them to you as potential friends to follow.
While this feature provides more connectivity, many users are uncomfortable with TikTok scraping their contacts without asking for permission first. TikTok likely views gaining access to your contacts as a growth and network strategy. However, uploading contacts without explicit consent raises significant privacy concerns.
Metadata
TikTok collects a significant amount of metadata about its users, including usernames, bios, profiles, and more. This allows TikTok to understand its users’ interests, habits, demographics, and behavior on the platform. According to the TikTok Developer Documentation, TikTok’s APIs allow third-party developers to access user metadata like usernames, profile pictures, follower counts, and more [1]. Tools like PykTok have been developed specifically to collect TikTok user metadata like usernames and text [2]. Metadata can also reveal information users didn’t necessarily consent to sharing. As one TikTok user explains, metadata contains hidden data like geotags that users might not realize they’re sharing [3]. Overall, TikTok’s collection of metadata provides it with a strong understanding of who is using the platform and how.
Device Information
TikTok collects a significant amount of data from your device, including your device ID, operating system, network information, and more. According to TikTok’s privacy policy, they collect your device model, operating system version, IP address, unique device identifiers, and mobile network information including your phone number [1]. This allows them to fingerprint your device and track you across multiple apps and services. The device ID in particular is a unique, unchangeable number that allows companies to build robust profiles about users.
Browsing History
TikTok tracks the websites and links that users click on while browsing the app. This includes keeping a record of your search history and the videos you watch in the app. When you tap on a link or profile from the TikTok app, it opens up an in-app browser that allows TikTok to monitor your activity.
According to sources, TikTok saves about a week’s worth of browsing history and watch history in the app. You can access your recent TikTok search history by tapping on the search bar, where your recent searches will appear as suggestions. TikTok likely uses this browsing data for targeting ads and recommending content within the app.
While TikTok states that it collects this browsing data as part of its “core service offering,” many privacy advocates argue this level of tracking goes beyond what’s necessary for the app to function. Users concerned about their browsing privacy may want to avoid clicking links or profiles within the TikTok app itself.
Messages
One of the biggest privacy concerns surrounding TikTok is its alleged access to users’ clipboard content and messages. With the rollout of the iOS 14 beta, it was revealed that TikTok was periodically reading clipboard contents, although the company claimed it was an anti-spam measure and not a way to monitor user messages (source). This sparked significant backlash and accusations that TikTok was snooping on private user information.
TikTok responded by claiming they would no longer access clipboard contents on iOS devices in an update (source). However, concerns remain about the app’s access to private messages and user data. Many security experts warn users should be cautious about the types of sensitive information entered into TikTok given its data collection practices.
Face/Voice Data
TikTok’s privacy policy states that the app may collect information about users’ faces and voices when they use features like face filters and voice effects. However, TikTok claims they do not use this data for facial or voice recognition purposes to identify users.
In June 2021, TikTok updated its privacy policy to explicitly mention collecting “faceprints and voiceprints” from videos uploaded to the app (https://time.com/6071773/tiktok-faceprints-voiceprints-privacy/). This caused concern that TikTok could be using facial recognition without user consent. However, TikTok stated this data is only used to inform algorithms about the videos and is not used for biometric identification.
Some lawsuits have accused TikTok of wrongfully collecting biometric data. In 2021, TikTok paid $92 million to settle a class action lawsuit alleging the app’s facial recognition technology violated user privacy (https://pursuit.unimelb.edu.au/articles/tiktok-captures-your-face). TikTok denied these claims but agreed to settle.
While TikTok claims they do not use facial/voice recognition to identify people, the app’s ability to collect this type of identifiable data has raised privacy concerns. Users cannot opt-out of this data collection when using face/voice features in the app.
Targeted Advertising
One of the main ways TikTok uses the data it collects is for targeted advertising. When you use TikTok, it builds up a profile of your interests and activities in order to serve you ads that are more relevant to you. This is known as interest-based advertising.
According to TikTok’s Privacy Center, the app collects information about your activity on and off the platform to personalize the ads you see [1]. This includes the content you engage with, accounts you follow or interact with, device information, and more. TikTok may also obtain information about you from third-party partners and public sources to further refine its understanding of your interests [1].
Recently, TikTok announced some new restrictions on the types of data that can be used for advertising targeting of teen users in the US [2]. However, interest-based advertising will still be utilized. When you use TikTok, you can expect to see ads that align with your inferred interests and demographics based on how TikTok profiles you.
TikTok is also testing a new ad targeting tool called PrivacyGo that aims to offer improved data privacy while still enabling relevant ads [3]. However, the extent to which this will limit TikTok’s data collection and targeting practices remains to be seen.
[1] https://www.tiktok.com/privacy/ads-and-your-data/en
[2] https://www.tiktok.com/business/en-US/blog/privacy-updates-improved-data-control-transparency-tools
[3] https://searchengineland.com/tiktok-ad-targeting-tool-privacygo-data-privacy-430283
Protecting Your Privacy
There are several steps you can take to limit how much data TikTok can collect about you and your device:
First, be careful about granting permissions when installing the app. Avoid enabling access to contacts, camera, microphone, location, etc. if not needed for core functionality. You can revoke permissions after installing as well. According to MakeUseOf, restricting permissions is one of the most effective ways to limit TikTok’s data gathering.
Using a virtual private network (VPN) can also help minimize tracking by hiding your IP address and location. VPNs route your traffic through an encrypted tunnel, making it harder for TikTok to pinpoint your device details and activity. The Tech Edvocate recommends VPNs as part of a multi-layer privacy approach.
You may also want to limit use of third-party social login options when creating your TikTok account. Services like Facebook Login allow tracking and data sharing across platforms. Stick to signing up directly with an email instead.
Regularly clearing cookies and data for TikTok can help reset the app’s access to some device identifiers and usage patterns. You can also uninstall the app when not in active use to limit background collection. Just be aware TikTok may retain some data server-side even after uninstalling.