top of page
  • Writer's pictureESET Expert

What TikTok knows about you – and what you should know about TikTok

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us.

TikTok CEO Shou Zi Chew has appeared before the U.S. Congress to give his take on the app’s data security and privacy practices and possible links to the Chinese government amid a nationwide discussion about a blanket ban on TikTok in the US.

The short video app – which was the most-downloaded app of 2022 both in the U.S. and worldwide – has been mired in controversy over a raft of privacy and cybersecurity issues, including claims of excessive harvesting of user data and its sharing with the Chinese government, harmful influence on children and their mental health, and leaks of personal data.

While most of such concerns aren’t really unique to TikTok, no other social media platform is drawing as much scrutiny as the smash-hit video app. This is not just because TikTok is often said to collect more information from users than the industry average and use a more powerful recommendation algorithm than the other platforms, but especially because many believe the app poses risks for national security.

India instituted a nationwide ban on the app back in 2020 while an increasing number of countries have banned TikTok from government-issued devices. The US is now also considering taking things further and ban the app entirely.

Here are some of the main questions surrounding TikTok and perhaps even more importantly, what you can do to help protect your data or the data of your children using TikTok.

What data does TikTok collect?

Discussions and much of the evidence have recently revolved mainly around the findings of researchers at Internet 2.0, an Australian cybersecurity company. According to their report from July 2022, TikTok requests excessive device permissions and collects excessive amounts of data – way more than it needs for its functioning. For example, the app gathers data on all applications that are installed on the phone, detailed information on the Android operating system, and demands access to phone contacts.

“For the TikTok application to function properly most of the access and device data collection is not required,” said Internet 2.0 head security engineer Thomas Perkins. “The application can and will run successfully without any of this data being gathered. This leads us to believe that the only reason this information has been gathered is for data harvesting.”

Additionally, much of this data collection cannot be turned off and TikTok states in its Privacy Policy that it can read your messages, claiming they need to this level of access to protect users against spam.

At the same time, the company receives your approximate location from your device’s GPS data even when the location service is turned off. It also collects your transaction and purchase history, according to the Internet 2.0 report.

Chew responded to these accusations by saying that the current versions of the app do not collect precise or approximate GPS information from U.S. users. He also denied any data sharing with the Chinese government. “TikTok, as a U.S. company incorporated in the United States, is subject to the laws of the United States,” reads his statement. “TikTok has never shared, or received a request to share, U.S. user data with the Chinese government. Nor would TikTok honor such a request if one were ever made.”

At any rate, how can you take back (some of) your privacy – assuming you don’t want to give up on using the app altogether?

How can you protect (some of) your privacy while using TikTok?

If you want to see content on TikTok while giving away as little amount of data as possible, use the official TikTok website in a web browser. Remember that TikTok will still be able to gather some information using browser cookies and other trackers.

However, without an account it is not possible to post videos, insert comments or like any videos. In case you want to be an active user with an account, you can at least restrict sharing some data in settings.

In its Privacy Policy, TikTok explicitly states that it may collect your data from third-party applications, even without your consent. When registering on TikTok for the first time, then, consider using a phone or email address that you don’t use anywhere else, rather than an account associated, for example, with another social network platform.

For more protection, do not allow TikTok to sync phone contacts or Facebook friends, and limit ad personalization. You can kick things up a notch and use a burner phone, i.e., an inexpensive mobile phone designed for temporary use after which it may be discarded, together with proxy services to mask your IP address and a VPN to hide also your location.

However, in its 2022 investigation, Consumer Reports, a U.S.-based non-profit consumer organization, revealed that TikTok gathers data even on people who never had the TikTok app or visited the platform’s website.

It is because TikTok receives data from its partners who gather information about people visiting their websites. Other prominent platforms such as Google or Meta (Facebook) use the same strategy for advertising purposes.

“Like other platforms, the data we receive from advertisers are used to improve the effectiveness of our advertising services,” Melanie Bosselait, a TikTok spokesperson, responded to the Consumer Reports’ findings.

Leaks, spying and more?

While it is true that concerns around data privacy aren’t unique to TikTok, the short video app has faced several scandals raising questions about its independence.

TikTok is owned by Beijing-based tech giant ByteDance. In December 2022 it confirmed spying on reporters as part of an attempt to track down the journalists’ sources, according to an internal email obtained and quoted by Forbes.

“I was deeply disappointed when I was notified of the situation… and I’m sure you feel the same,” ByteDance CEO Rubo Liang wrote in an internal email shared with Forbes. “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals. … I believe this situation will serve as a lesson to us all.”

Chew described this incident as a mistake the company promptly dealt with. “We also notified this Committee about these ill-advised actions within moments of informing our employees,” Chew wrote. “I condemn this misconduct in the strongest possible terms.”

In June 2022, BuzzFeed reviewed leaked audio from more than 80 internal TikTok meetings, finding 14 statements from nine employees indicating that engineers in China had access to US data.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting, as quoted by BuzzFeed. During another meeting, a different employee mentioned a Beijing-based engineer whom he described as a “Master Admin” who “has access to everything.”

Another thorny point involves China’s National Security Law from 2017 that requires Chinese companies to “support, assist and cooperate” with national intelligence efforts, Politico notes.

In his speech, Chew reiterated that all the data of all Americans is stored in America and hosted by an American headquartered company. ByteDance has formed a special-purpose subsidiary called TikTok U.S. Data Security Inc. (USDS) that controls all access to systems containing U.S. user data.

Back in 2019, the Washington Post raised another suspicion when posting a story involving missing TikTok posts about then ongoing Hong Kong protests in September 2019. Also, Facebook CEO Mark Zuckerberg claimed the app was blocking pro–Hong Kong content from American users. ByteDance refused these allegations, and a subsequent test conducted by BuzzFeed News found no censorship.

“Claims of censorship on TikTok didn’t seem to take into account the fact that American teenagers don’t appear to be creating viral pro–Hong Kong content on platforms like Facebook or Instagram either,” BuzzFeed wrote.

Protecting children on TikTok

Not unlike other social media sites, TikTok struggles with protecting children from being exposed to harmful content, bullying, self-harm, eating disorders, or other risks lurking online.

For example, recent Italian research among 78 eating disorder patients found that viewing TikTok content reduced self-esteem in 59% of them, and 27% reported TikTok-related significant changes in their daily lives. TikTok was the main social media platform for almost 63 percent of all surveyed patients.

On top of that, the US Department of Homeland Security has also launched an investigation into allegations that TikTok does not do enough to battle child sexual abuse material, the Financial Times reported in April 2022.

Chew said that TikTok constantly screens content for indications of potential predatory or abusive behavior. It also removes content that promotes bullying, hateful behavior, disordered eating, and violent extremism.

“Each and every video uploaded to TikTok goes through automated moderation, and potentially violative content is automatically removed or escalated for human review by one of our expert moderators who have undergone specialized training to detect the signs of grooming or predatory behavior,” Chew wrote.

To deal with child protection issues, TikTok introduced a feature called Family Pairing back in 2020. As we explained in our article back then, the tool gives parents some degree of control and oversight over their children’s accounts.

A parent can link their TikTok account to their child’s and set parental controls, including daily screen time, restricted exposure to some content, child’s search options, and discoverability for others.

During the ongoing debate about TikTok’s future in the United States, the social media platform announced new tools for parents on March 1, 2023. Parents will be able to choose different time limits depending on the day of the week and set a schedule to mute notifications. TikTok also announced a screen time dashboard to Family Pairing, which provides summaries of time on the app, the number of times TikTok was opened, and a breakdown of total time spent during the day and night.


bottom of page