It’s easy to comment, share, like, and be endlessly distracted by social media platforms like TikTok—and much more complex to understand any potential security and privacy risks. Before you upload another video of a dancing cat, read our in-depth guide to understanding TikTok. What does it collect about you and why are many governments so concerned about the app? Then help safeguard your devices, data, and privacy with Avira Free Security.
TikTok: A brief history of privacy scandals and stellar successes
Singing, dancing, comedy, lip-syncing…if it’s video content created and posted primarily by young people, it’s likely to be on TikTok. Launched in 2017, the social media platform has been one of the fastest-growing apps worldwide. Many Chinese platforms fail beyond their home turf, but not so with TikTok. When it acquired Musical.ly in November 2017 for $1 billion, it added 80 million (mostly US) users to its database and things snowballed from there. In 2023, TikTok downloads hit the 4 billion mark and this stellar trajectory has continued. At the time of writing in 2024, TikTok has 2.05 billion registered users worldwide. However, its success continues to be overshadowed by privacy and security concerns that put not only the company’s image at risk but also its operations in key markets. Some countries consider the app a threat to national security. It’s also become notorious for allegations of poor protection of data and minors plus its scams, from fake giveaways to romance scams. So how safe is it and what is the status of the restrictions imposed? Should we be worried? Let’s explore.
Many nations and government bodies have taken action against the app, either banning it outright or curbing functionality, and cite various reasons for doing so. The status of TikTok censorship varies by country. In Iran, for example, it’s currently blocked due to both TikTok’s rules and Iranian censorship. Pakistan continues to ban the app as its content apparently undermines societal values. In Africa, citizens of Somalia and Senegal are unable to use TikTok in their home country. A growing list of governments—including the European Union, Canada, and New Zealand—have imposed bans on the app being used on government-issued devices. In the US, the federal government and more than 30 states now ban TikTok on government employees’ phones. Tighter restrictions for private citizens in the US could be looming, raising important questions about how to balance freedom of speech with safeguarding and data protection responsibilities—not to mention the practical implications of curbing the powers of social media.
Could TikTok be banned in the United States and what would that mean?
In April, President Joe Biden signed into law a bill that would ban TikTok in the U.S. if the social media platform’s Chinese-owned parent company, ByteDance, doesn’t sell its stake within a year. That means that the sale deadline would most likely come sometime in 2025. TikTok CEO Shou Zi Chew posted a response on the platform and even implied court action, decrying that the law “…will take TikTok away from you and 170 million Americans who find community and connection on our platform. Make no mistake, this is a ban––a ban on TikTok and a ban on you and your voice. Rest assured we aren’t going anywhere. We are confident and we will keep fighting for your rights in the courts”. Many US digital creators and users have criticised the potential ban and claim it could affect their livelihoods.
In May 2024, TikTok filed a lawsuit with the U.S. Court of Appeals in Washington, D.C., alleging that the law is unconstitutional because it stifles free speech. The suit also alleges the unlawful taking of private property. Several states have also taken their own legal action. Indiana (unsuccessfully) sued TikTok on the basis that the application serves users inappropriate content and violates consumer protection laws in its data collection practices. Another lawsuit came from Arkansas as it sued TikTok, ByteDance and Facebook’s parent company, Meta, over claims that the companies violate the Deceptive Trade Practices Act. Montana has taken things even further and the state is trying to ban TikTok on personal devices. If the ban is successful, it will prevent the app from operating within the state and app stores that host TikTok within state lines could be fined up to $10,000 per day. A US judge has blocked the TikTok ban on the grounds that it violates the right to free speech, but the state has since filed an appeal. Several universities have also banned the app on their networks.
What would happen if the ban does come into effect and how could it be enforced? The app probably won’t disappear from users’ phones, but it would disappear from Apple and Google’s app stores, which means users won’t be able to download it. TikTok would be unable to send updates, security patches and bug fixes, and over time the app would become less secure and less stable. Another possible scenario would be to follow the example of India, where the government simply forced internet and telecommunications providers to block the app.
How safe is TikTok—and is it suitable for children?
Given all the concerns we’ve just discussed, let’s take a closer look at the app. How safe is it really for ‘normal’ users like you or me—assuming we’re not government employees—and does it take steps to protect youngsters from unsuitable content? TikTok is usually considered no less safe than other social media apps as it does offer a host of security and safeguarding features. We’ve summed these up below. If you have the tenacity, you’ll also want to read the TikTok terms of service.
- Two-factor authentication (2FA), so verification in addition to a password is needed to log in—and can help prevent your online accounts from being hacked.
- Users must be at least 13 years old to sign up and those between 13 and 15 are assigned private accounts by default. Those aged 16 and 17 must choose between private and public accounts.
- An automatic one-hour time limit is set for users under the age of 18.
- Video downloads are set to off for users aged 13 to 15 and can’t be changed. This means that others can’t download videos posted by these minors.
- Direct messaging is not available for users aged 13 to 15.
- Content is curated and strictly ‘view only’ for users under the age of 13, so they can’t create their own content. ‘Comment care mode’ filters comments that are inappropriate, offensive, and have been flagged by others.
- Only users who are 18 and older can complete transactions with virtual gifts.
- Restricted Mode on TikTok helps limit access to content that might be inappropriate or complex. It also restricts features such as the Following feed, LIVE streaming, and gifting on LIVE.
TikTok also introduced Family Pairing in 2020 which allows parents and guardians to customise safety settings. They can link their TikTok account to the child’s account and set parental controls, such as a screen time limit that applies to all the child’s devices, plus a passcode that they can choose to enter if they want to extend the time limit. Parents/guardians also receive a summary of the cumulative time their child spent using TikTok each day over a four-week period, as well as the number of times the app was opened each day. They can also restrict who may send messages to the connected account or turn off direct messaging completely.
See the TikTok Guardian’s guide for detailed information on the tools and controls that TikTok has built in to help keep its young community safer. It’s important to remember that despite these measures, TikTok faces similar challenges to other social networking sites and kids are often their own worst enemies. There’s no reliable way to stop children from faking their ages or signing up without parental consent. These ‘adult’ profiles will automatically be set to public, and strangers can then send children private messages or download their content. And let’s not forget what TikTok is primarily composed of: Music and videos that can contain profane language and clothes or actions that aren’t suitable for younger viewers. Ultimately, it’s up to parents to know and monitor what their children do online. If you’re interested in helping to control and monitor your child’s use of digital media, see our blog on parental control apps.
But let’s not forget: Even ‘safer’ use of social media platforms like TikTok can harm children’s mental health. The Children’s Society in the UK outlines the key problems with the site—from addictive scrolling and unrealistic body images to online bullying and an increase in stress, anxiety, and sleep disorders. We could all benefit from a regular digital detox.
What are TikTok’s privacy issues?
“What does it collect about me and why?” are among the key online safety concerns circulating about TikTok. The platform does gather a significant amount of information on its users to fine-tune its content recommendation algorithm—but so do other social media sites like Facebook. A complete and accurate user profile is vital for any social platform so it can offer a relevant and personalised experience plus ads tailored to users’ interests. Data gathering also helps improve the app’s functionality.
What does TikTok know about you?
To be clear (and fair), TikTok is not unique in the amount of information it collects and does so in line with standard social media practices. Be aware that you’re giving away the following:
- Account information and personal details: This includes information like your name, username, profile picture, email, phone number, and passwords.
- Behavioural data: Cookies track you online to gain insight into your interests and activities. For example, TikTok observes every video you watch, how long for, and which ones you save.
- User-created content: TikTok logs every post, video, and comment you create, post or engage with. It also sees the entire contents of every message you send through the app since these messages are not encrypted.
- Device data and location: Your country location, internet address, and the type of device you’re using are all noted. TikTok can distinguish your device based on its operating system and network carrier, and it determines your location based on your device’s IP address and GPS data.
To help appease the privacy concerns of the US government, TikTok pledged in 2023 to store data from American users in America only with American companies staffed with local personnel. Currently the TikTok US Data Security web page states: “New protected U.S. user data is stored by default in the Oracle Cloud and USDS infrastructures with controlled and monitored gateways. Once deletion of backup data is complete … only approved USDS personnel will have access to protected U.S. user data…” (Status: July 2024).
If you’re curious about TikTok’s data collection protocols and how they may impact you, they’re available in full on the TikTok privacy policy page.
Who does TikTok share data with?
TikTok shares data with many third parties for business and regulatory purposes. These include advertisers and marketers for the purpose of creating targeted ads and better understanding user activities and interests. Governments and law enforcement agencies can request user data from TikTok to assist with investigations or to comply with government mandates. And if you choose the option to sign in to your TikTok account with a third-party app like Facebook or Twitter, beware that you’ll be trading privacy for convenience. TikTok can seamlessly hoover up your data and activities from any linked sites, so it’s best to set up a TikTok-only login.
Are TikTok messages private?
When it comes to TikTok’s direct messaging functionality, you should keep in mind that the messages aren’t encrypted, and the app collects not only meta-information but also the content of the messages sent. Unencrypted messages can be read by the service provider and third parties. TikTok’s privacy policy is transparent about the type of information being collected and processed: “…the content of the message and information about when the message has been sent, received and/or read, as well as the participants of the communication.”
So far, no plans have been communicated to introduce end-to-end encryption, a crucial feature for keeping communication private. If you use any messaging app without end-to-end encryption, do not share content that you wouldn’t be comfortable sharing in public. The company restricted direct messaging to users over 16 in late 2019, following numerous discussions about children’s safety on the platform.
Does TikTok access your device’s camera and microphone?
Yes, but before you apply extra lipstick or cover these tools with a band-aid, the camera and microphone are only activated when a user has granted TikTok permission to access them. Otherwise, the app promises not to collect any information from these sources. Additionally, when the TikTok app is closed, it stops accessing the camera and microphone, so it’s not listening in or filming you.
Does TikTok collect keystroke patterns?
According to the TikTok Truths series on the app’s privacy and data security practices, it does collect keystroke patterns “for security and performance related purposes, such as to verify the authenticity of an account”. This monitoring isn’t restricted to just your actions on TikTok though. Some cybersecurity experts are concerned that the TikTok in-app browser may also monitor activity on other sites it is used to access by inserting code into the web pages it loads. In theory, confidential information like your credit card details could be harvested this way. TikTok denied this in an official statement and claimed that keystroke or text inputs through this code “are solely used for debugging, troubleshooting and performance monitoring”. There’s no way for users to know the full details of what data is being stored and why.
How to help protect your privacy on TikTok
All adult TikTok accounts are public by default, but you can adjust your privacy settings to make your account private. (Go to Me, tap …, Privacy, Turn Private Account On). However, your profile information will remain public, so any user will be able to see your username, bio, and profile picture.
Even with a private account, your account might still be recommended to other users, especially if you have friends in common. To change this, adjust the option Allow others to find me. You can also turn off Allow download to prevent users from downloading your videos. To make videos completely private or accessible only to friends, you can use the option Who can view this video. This will help shield your information from other TikTok users, though not from the company itself. If you’re very serious about your privacy, you’ll have to use a burner email when logging in, along with a VPN to help hide your location. If you really need to be that invisible online, perhaps a social connectivity app isn’t the place for you though.
If you’re a “look but don’t touch” sort of person, consider using TikTok as a guest without creating an account. You’ll be able to watch videos but not post or interact with them. You can also help reduce the extent to which your activities are tracked online by turning the TikTok personalised ad settings off. Curious what TikTok knows about you? Wonder no more: You can request your data from TikTok.
What are the (technical) security concerns around TikTok?
By now you’ll be well-versed on TikTok’s data gathering and privacy concerns, so let’s expand on another potential worry: Security, or vulnerability to online attacks. TikTok originally used unencrypted HTTP to transfer media content from the company’s Content Delivery Networks (CDNs). HTTP connections can pose severe privacy threats and have since been replaced by secure HTTPS connections, but they are still supported to maintain backward compatibility.
The ease with which HTTP vulnerabilities can be exploited was illustrated by developers from Mysk.co during the COVID-19 pandemic. They were able to use a fake server to switch a video in the feed of the World Health Organization on TikTok with a fake one, showing how easy it is to spread false information. TikTok acted swiftly to fix the security flaws. The site is still awash with other scams though…we’ve rounded them up below.
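The cleartext media transfers described above are something a defender can check for in a traffic capture taken from a test device. The following Python example is added here for illustration and is not code from TikTok, Mysk, or the original article; the hostnames, the record format, and the function name `audit_capture` are assumptions made for the example. It flags media fetched over plain HTTP (the content a network intermediary could replace) and hosts that serve HTTPS while still being reached over HTTP, which is what leftover backward compatibility looks like.

```python
from urllib.parse import urlsplit

MEDIA_PREFIXES = ("video/", "image/", "audio/")

# Constructed sample of app traffic as (url, content_type) pairs, such as an
# export from an intercepting proxy. All hostnames are placeholders.
SAMPLE_CAPTURE = [
    ("https://api.app.example/feed", "application/json"),
    ("http://cdn1.media.example/v/123.mp4", "video/mp4"),
    ("https://cdn2.media.example/v/456.mp4", "video/mp4"),
    ("http://cdn1.media.example/avatars/9.jpg", "image/jpeg"),
    ("http://cdn2.media.example/v/789.mp4", "video/mp4"),
    ("HTTP://static.app.example/config.json", "application/json"),
]


def audit_capture(records):
    """Return (cleartext_media, cleartext_other, mixed_hosts) for a capture.

    cleartext_media: URLs of media fetched over plain HTTP (swappable in transit)
    cleartext_other: any other plain-HTTP request
    mixed_hosts:     hosts seen over both HTTPS and HTTP (legacy fallback paths)
    """
    cleartext_media, cleartext_other = [], []
    schemes_by_host = {}
    for url, content_type in records:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = (parts.hostname or "").lower()
        if scheme not in ("http", "https") or not host:
            continue  # ignore non-web schemes and malformed entries
        schemes_by_host.setdefault(host, set()).add(scheme)
        if scheme == "http":
            is_media = content_type.lower().startswith(MEDIA_PREFIXES)
            (cleartext_media if is_media else cleartext_other).append(url)
    mixed_hosts = sorted(
        host for host, seen in schemes_by_host.items() if seen == {"http", "https"}
    )
    return cleartext_media, cleartext_other, mixed_hosts


if __name__ == "__main__":
    media, other, mixed = audit_capture(SAMPLE_CAPTURE)
    print("Media over cleartext HTTP:", *media, sep="\n  ")
    print("Other cleartext requests:", *other, sep="\n  ")
    print("Hosts reached over both HTTP and HTTPS:", *mixed, sep="\n  ")
```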
Exploring TikTok scams
Where millions of users gather, scammers will follow like moths to a flame, and it’s no different on TikTok which may be a victim of its own success. Here are some common scams to look out for. Remember: Trust no one.
Fake celebrity profiles: These grow online like weeds and are filled with stolen content. They reel in unsuspecting fans who might even end up donating to fake causes that the ‘celebrity’ is promoting.
Fake business accounts: Scammers pose as major companies like Apple, Walmart, or Amazon and often post links to “free giveaways” designed to steal personal information.
Fake TikTok follower generators: Scammers cunningly exploit people’s desire to grow their TikTok following by promoting fake follower generators through direct messages, comments, or bot accounts. Sign up and you could end up handing over your TikTok login information.
Donation scams: These exploit the goodwill of users during crises such as pandemics and natural disasters and trick people into donating money. Always research any organisation before donating and look for verified information.
Get-rich-quick scams: Fraudsters claim that if you give them a small amount of money, they’ll turn it into a larger sum. Beware—if you send your money, it’s gone, whether it’s cash or cryptocurrencies.
Romance scams: “You’re beautiful…” might sound flattering but the reality is that the handsome stranger courting you only has their eye on your personal information and money. It’s called catfishing—ignore it!
Fake giveaways and prizes: The chances are high that you haven’t won a holiday in a Tuscan villa or a million pounds. Never click on unknown links or provide personal details. Scammers are usually trying to steal your identity, money, or both.
Fake jobs: Job offers that sound too good to be true usually are. Ignore them and look for jobs on reputable sites specialised in recruitment.
Cybersecurity tips to help you stay safer on TikTok
The rules of basic digital hygiene apply wherever you are online. Never share private information like your home address. You can’t be sure who has access to it or even who you’re talking to if you share it directly! Avoid clicking on links or opening attachments unless you know they’re trustworthy. If you have children, monitor their digital habits and make sure they know the risks of going online and how to protect themselves. Here’s how to help keep your kids safer online.
It’s also a good idea to regularly delete old accounts you’re not using, set active accounts to private if possible, and never reuse passwords. Avira Password Manager helps generate, store, and manage strong, unique passwords for all your online accounts.
Comprehensive cybersecurity is an essential defence against TikTok and other scams, plus outdated software and even the latest online threats. Avira Free Security packs in trusted anti-malware, a password manager, a software updater, and more.
Tik Tok is a trademark of TikTok Ltd.