TikTok is a popular video-sharing social media app developed by the Chinese company ByteDance. Since launching in 2016, TikTok has gained over 1 billion monthly active users worldwide. However, as TikTok’s popularity has grown, so have concerns around potential security and privacy risks.
Some of the main areas of concern include TikTok’s data collection practices, its algorithm that can encourage addiction and questionable content, censorship and restrictions on content, government access to user data, vulnerabilities open to hacking and manipulation, spread of misinformation and dangerous challenges, and threats to child safety. There are also worries around TikTok’s impact on mental health, especially for younger users.
In this article, we will explore the key security and privacy risks that have led TikTok to come under heavy scrutiny from governments, researchers, and users alike.
Data Collection
TikTok collects extensive data on its users. Some of the data TikTok collects includes location data, browsing data, search history, content viewed on the app, and data on other apps installed on the user’s device (Demystifying TikTok data collection, 2023). TikTok’s privacy policy states that they collect “information about your location, including location information based on your SIM card and/or IP address” (Privacy Policy, 2023).
There are significant privacy concerns around TikTok’s data collection practices. While many social media apps collect user data for advertising purposes, the amount of data collected by TikTok is unusually extensive. There is also little transparency into what TikTok does with all this data and who they share it with. Given that TikTok is owned by a Chinese company, ByteDance, there are concerns that user data may be accessible to the Chinese government (Demystifying TikTok data collection, 2023).
While TikTok claims they store US user data outside of China, their data collection still raises important privacy questions. Users have limited control over how their information is used by TikTok. The app does not provide users with access to their own data or a comprehensive list of the types of data being collected (Demystifying TikTok data collection, 2023). Overall, TikTok’s excessive data harvesting coupled with murky privacy practices pose concerning risks for users.
Algorithm and Addiction
TikTok’s algorithm is designed to keep users constantly engaged with the app. It evaluates each user’s interests based on the videos they like, share, and comment on, and then recommends content tailored specifically to each user [1]. This creates an endless feedback loop as users are exposed to videos perfectly aligned with their preferences. According to research from Brown University, the way TikTok recommends content differs greatly from other platforms in its ability to pull users into deep session times [2].
Many experts argue this tailored recommendation system makes TikTok highly addictive. The constant novelty and emotional stimulation from the algorithmically-recommended videos activates the brain’s reward system, releasing dopamine and triggering cravings for more [3]. This can lead to compulsive use and several concerning symptoms associated with screen addiction, like loss of interest in other activities, trouble focusing, and irritability when not using the app.
Censorship
There is evidence that TikTok has down-weighted the posts of topics deemed sensitive by the Chinese government and Chinese Communist Party. Topics alleged to have been suppressed include the Tiananmen Square protests, Tibetan independence, and the religious movement Falun Gong (Wikipedia). This indicates TikTok may be censoring content to comply with Chinese laws and regulations.
TikTok has also faced criticism for removing content it deems problematic, inappropriate, or against its community guidelines. For example, content related to LGBTQ issues, people with disabilities, and political subjects have been removed at times. TikTok admitted to suppressing videos from creators deemed to be susceptible to bullying or harassment in its early moderation efforts (NY Times). However, the platform claims it no longer restricts content from these groups.
Government Access to Data
There are ongoing concerns that TikTok may share data with the Chinese government, posing security risks for users. While TikTok claims user data is stored outside of China, U.S. officials suspect China may still be able to access this data (source). For example, TikTok’s parent company ByteDance is based in China and subject to Chinese data privacy laws that could compel sharing of data with the government (source).
If the Chinese government gained access to TikTok user data, it could potentially use it for surveillance, censorship, or propaganda purposes. Sensitive information like user locations, messages, interests, and contacts could be exploited by the government. There are also concerns around potential misuse of biometric data like faceprints that TikTok collects. While concrete evidence of Chinese government data access is lacking, the theoretical security risks remain an ongoing concern for users and regulators.
Vulnerabilities
TikTok has faced scrutiny over potential security vulnerabilities that could allow hackers to exploit the platform. In 2021, cybersecurity firm Check Point Research reported finding vulnerabilities that could have allowed hackers to manipulate user data and reveal personal information.[1] Researchers warned that threat actors could potentially inject code into videos, manipulate content, and reveal user information through cross-site scripting and arbitrary code execution bugs.
In 2023, cybersecurity company Imperva discovered a vulnerability that allowed pulling data revealing users’ private information such as nicknames, profile pictures, and city location.[2] Imperva noted that hackers could exploit the flaw to scrape large amounts of data for compromised accounts.
In response to findings from security researchers, TikTok has aimed to improve protections by expanding its bug bounty program. TikTok states it will award security researchers who report qualifying security vulnerabilities that meet bounty program criteria.[3] The company has also created a platform for reporting vulnerabilities and claims to respond quickly to fix issues.
While progress has been made, experts note TikTok still lacks full transparency around its security practices. Continued scrutiny from researchers indicates the platform likely still contains exploitable flaws that require ongoing auditing and patching.
[1] https://www.cpomagazine.com/cyber-security/tiktok-fixes-vulnerabilities-allowing-account-hijacking-manipulating-content/
[2] https://www.imperva.com/blog/imperva-red-team-discovers-vulnerability-in-tiktok-that-can-reveal-user-activity-and-information/
[3] https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities
Misinformation and Dangerous Challenges
TikTok has struggled with the spread of misinformation and dangerous viral challenges on its platform. According to TikTok’s own reporting, the company has had to frequently update its policies to combat the spread of misinformation, especially around public health, civic processes, and elections. However, independent analysis has found that TikTok’s misinformation debunking videos are often ineffective at reaching the same audience or preventing the further spread of false claims.
Dangerous viral challenges have also posed issues, as risky stunts or pranks can quickly gain traction among TikTok’s young userbase. TikTok claims to remove videos promoting dangerous acts, but concerning challenges like the “blackout challenge” encouraging users to choke themselves have led to injury and deaths. Parents and experts warn that TikTok’s algorithmic recommendations can expose children to potentially harmful challenges without them even searching for them.
Child Safety
TikTok has faced criticism regarding issues around child predators and exploitative content. According to TikTok’s Guardian’s Guide, the platform has a 12+ age rating and takes measures to protect minors, including:
– Restricting features like direct messaging for accounts under 16.
– Allowing parents to control Digital Wellbeing features like screen time limits.
– Using both technologies and human moderation teams to detect and remove exploitative content and ban predators.
TikTok provides resources like their Youth Safety and Well-Being guidelines to educate parents and children about staying safe on the platform and how to report problematic content or accounts.
However, critics argue these measures may not go far enough, as minors can easily circumvent the age requirements. TikTok has also faced fines for violating child privacy laws in the past. Overall, many experts say parents should closely monitor their children’s TikTok use and utilize available restrictions to protect privacy and safety.
Impact on Mental Health
There is growing concern about the correlation between high TikTok use and mental health issues, especially among teenagers and young adults. One study from the non-profit group Media Matters for America claimed TikTok may surface potentially harmful content related to suicide and eating disorders to young users (source). Researchers have found that the more time spent on TikTok and social media in general, the more likely people are to experience anxiety, depression, loneliness, and other mental health symptoms (source).
TikTok’s endless scroll of videos has also been linked to poor body image and low self-esteem, especially among teenage girls. The constant comparisons to others and emphasis on appearance can negatively impact users’ views of themselves. As one article states, “The app provides an endless stream of emotional nudges, which can be hard to recognize and really impact users in the long run” (source). More research is still needed, but initial studies point to a concerning relationship between heavy TikTok use and declining mental health.
Conclusion
TikTok presents several significant security risks that users should be aware of. The most concerning issues are TikTok’s invasive data collection practices, its algorithm that can promote addiction, potential censorship and access to data by the Chinese government, vulnerabilities that could expose user data, and dangers from misinformation and harmful challenges.
Users can take steps to protect themselves on TikTok by being cautious about what information they share, using secure passwords, enabling privacy settings, and thinking critically about challenges or news they see on the platform. Parents should monitor their children’s use and utilize parental controls.
Looking ahead, TikTok could make improvements by being more transparent about its data practices, algorithm, and content moderation. The company should provide users with more control over their data and feeds. TikTok should also invest in identifying and removing misinformation and dangerous challenges. While security issues exist, users who understand the risks can better protect themselves.