KEY POINTS
- Originally launched by ByteDance, for markets outside of China in 2017, TikTok is one of the most popular apps available.
- TikTok has been downloaded over 2 billion times via Google Play and the Apple App Store (Sensor Tower, 2020).
- While 41% of TikTok users are between the ages of 16 and 24, the number of adult users in the US is steadily growing.
(Globalwebindex, 2019 and Marketingcharts, 2019).
since making its global debut in 2017, TikTok has taken the world by storm! A 2019 study by Apptrace shows that TikTok is available in 155 countries. While its popularity continues to rise, many are concerned with the data privacy and security associated with the app. ByteDance claims that many of these data privacy and security concerns are unfounded. However, O’Mard Consulting Services, LLC will highlight several concerns that have been confirmed by multiple security researchers and by reviewing ByteDance’s disclosed privacy policy.
What Data Does TikTok Collect?
Like many other social media applications, TikTok captures information pertaining to:
- What videos you’ve watched
- How long you’ve watched a particular video
- The contents of private messages sent via the app
- Your country location
- Internet address (IP address)
- The type of device you’re using (Tablet, Smartphone, etc…)
If you give TikTok additional permissions, these supplemental data points can also be collected:
- Your exact location (This is done by leveraging GPS, cellular, and wireless data to pinpoint your location)
- Your contacts
- Your phone number
- Other social network connections
- Your age
While some of this data is used to provide the user with a more “personalized” experience, the data can also be aggregated by a company to create a profile of the user. This profile can be used to serve the user ads, based on their interest, it can also be used for more malicious activities, such as, to understand who you are as a person, or to identify your personal networks, to include your family, friends, and business contacts. This is one of the principal reasons why businesses around the world, and heads of government in countries, such as, the United States and India, want to ban the app.
TikTok has been known to collect data, such as the contents of your clipboard, which often times contains sensitive information, like your passwords or credit card numbers. ByteDance claimed that this data collection is as an “anti-spam” measure, and has since updated the app to prevent future occurrences.
Is My Data Stored in China?
According to the TikTok U.S privacy policy, which we have included in the additional resources section at the end of this post, user data is stored only in the U.S and Singapore. While many security researchers continue to monitor network traffic, verifying that TikTok data is being sent to major cloud service providers, such as, Akamai and the Google Cloud Platform, TikTok could in theory configure their services to replicate data stored in the U.S and or Singapore to a server in China.
Additionally, TikTok’s U.S privacy policy states, “We may share your information with a parent, subsidiary, or other affiliate of our corporate group.” This means it is possible for Chinese based ByteDance, as well as other foreign entities, to get their hands on your data.
Do I Have Any Options Other Than Deleting TikTok?
Users may be inclined to delete TikTok after reading about all the data the app collects, but there are a few steps that can be taken to limit the amount of personal data TikTok collects. These steps include:
- Falsifying account data, such as, your age and name.
- Creating a burner/throwaway email address for TikTok usage.
- Denying permissions that share your contacts, exact location, and other sensitive information with the TikTok.
- Disabling personalized ads in the app’s settings. This does not prevent the app from collecting your personal data; however, it prohibits TikTok for monetizing your data via targeted ads.
TikTok has given the world, yet, another platform where users can interact, particularly in the midst of a global pandemic. Despite that, the amount of data that app collects, coupled with its shady privacy track record is concerning. O’Mard Consulting Services, LLC will not tell you to outrightly delete the application; however, we highly recommend that you limit your risk(s) of unnecessary data exposure by employing the data privacy and security mitigation steps outlined above.
Additionally, users can continue to watch videos on the app or web without creating an account. Doing so prevents users from following individuals, but it limits the amount of data the platform can collect on you. This technique is not fool proof; some data, such as, your internet address or device type will still be collected. However, this approach provides the user with some anonymity and can be combined with other advanced tactics to limit your digital footprint.
Have any questions regarding TikTok, data security and privacy, or technology in general? Send us a message and we’d be glad to assist you! Don’t forget to subscribe to our newsletter for more tips and tricks of the trade.
Additional Resources