Privacy and Security Risks of TikTok


There has been extensive media coverage of TikTok privacy concerns. However, most social media platforms worldwide collect, use, analyze and ultimately profit from users’ personal data. TikTok argues that it collects less data than platforms such as Facebook or Google since it doesn’t track user activity across devices.

Data Collection: TikTok, like other social media platforms, collects a vast amount of data from its users, including user content, your IP address, geolocation-related data, unique device identifiers, browsing history, and more.

Data Storage and Transmission: TikTok’s parent company, ByteDance, is based in China, which has raised concerns about the potential for the Chinese government to access this data due to China’s data security laws. However, TikTok has stated that data on most American users is stored in the United States and Singapore, with strict access controls.

Algorithmic Transparency: TikTok uses algorithms to suggest personalized content to users. While this is not a risk in and of itself, the lack of transparency about how these algorithms work and what data they use can raise concerns about the potential misuse of personal data and the potential spread of misinformation.

Potential for Misinformation and Manipulation: The possible spread of misinformation and the opportunity for manipulation, while not strictly a data security risk, is a concern tied to the use of social media platforms, including TikTok. The platform’s algorithms can create echo chambers where users are exposed to increasingly extreme content, and there is potential for malicious actors to spread misinformation or manipulate user opinion.

Potential for Data Leaks: As with any digital platform, there is a risk of data leaks or breaches, where hackers could potentially gain access to personal data. While TikTok has not had a published significant data breach, the potential for such a breach exists.

Third-Party Data Sharing: TikTok’s privacy policy allows for data to be shared with third parties, which raises concerns about how this data could be used. Users do not have clear visibility or control over where their data goes after it has been shared with third parties.

The risks stated are vastly similar to those for nearly all other Social Media platforms that are “free” for use. Other tech companies have data-harvesting business practices that also exploit user information.

“If policymakers want to protect Americans from surveillance, they should advocate for a basic privacy law that bans all companies from collecting so much sensitive data about us in the first place, rather than engaging in what amounts to xenophobic showboating that does exactly nothing to protect anyone,” said Evan Greer, director of the nonprofit advocacy group Fight for the Future.


Like many other social networking platforms, such as Facebook, TikTok collects a lot of information about its users, including:

  • Every TikTok video you watch and how long you watch them
  • The entire contents of every message you send through the app since messages are not encrypted
  • Your country location, internet address, and type of device you are using

With your permission, it also captures:

  • Your exact location
  • Your phone’s contacts and other social network connections
  • Your age and phone number
  • Payment information

This information can be used to build up a picture of you for ad targeting purposes – by understanding who you are, who your friends and family are, what you like and find entertaining, and what you say to your friends. To use the app, users grant access to their microphone and camera. If you create videos, the app captures close-ups of your face. Potentially, this provides biometric data which could be used in conjunction with other images of you which exist online. TikTok uses technical measures to encode its activity. This means that some of what it does is hidden from external researchers. TikTok says this is to disrupt hackers and other malicious actors.


Much of the commentary around TikTok security issues focuses on the extent to which the app may share or be forced to share any data it collects with the Chinese government. TikTok has steadfastly maintained that it does not share its data in this way. According to the New York Times, the CIA reportedly investigated TikTok and found no concrete evidence that Chinese intelligence authorities were spying on users.

TikTok US Terms of Service effective July 31, 2023


About Author

Associate Vice President for IT, CISO, Fordham University

Comments are closed.