TikTok is a fun, silly place. To scroll through it is to take in a sensational amount of people dancing and lip-syncing. There’s a video of Cameron Diaz’s wine drinking challenge, a very polite kid named Grey, and a clip from Taylor Swift’s “Love Story” that you’ll hear way too much. There are even frogs. It’s addictive and ridiculous.
But the platform has been in the news lately for reasons relating to privacy and security, an issue that came to a head when President Trump issued an executive order on August 6 that outlaws transactions with TikTok’s parent company. (Read TikTok’s response here and an analysis of the head-scratching presidential decision here.) The drama stems from a fact that separates TikTok from other similar social media apps like Instagram: ByteDance, the company’s parent, is Chinese.
A path forward may be found through American ownership for the app, and on August 2 Microsoft announced they might buy TikTok. Conversations about the potential acquisition are already taking place, but we won’t know more until September 15.
What you’re hearing in the news may compel you to wonder—is the app safe to use? And if you are already using it, is there anything you should keep in mind?
The short answer is that it’s probably completely fine and harmless for most people to be on TikTok, as long as they keep in mind that, just as with other social media apps, it hoovers up data.
Platforms like TikTok and Instagram collect personal information from users with different levels of transparency, points out Shuman Ghosemajumder, the global head of artificial intelligence at F5, an internet infrastructure and security company. The first level is information that you’re clearly aware you’re sharing with them. This includes the email or account you used to sign up for the app, and of course the content you actively share on the platform.
“When you’re taking a video of yourself, and uploading that to TikTok, everybody knows that TikTok is taking that data and storing it on their servers, and performing various types of analysis on it,” Ghosemajumder says.
Finally, the third category of data collection is the nefarious, criminal kind which experts scrutinize apps to find. But Ghosemajumder says it’s extremely difficult for an app that operates at the scale of TikTok to be able to hide from the forensics researchers who would love to expose that kind of behavior. Has TikTok done that? Ghosemajumder says he knows of no evidence that it has.
There was a blip in that department, though—in June, it surfaced that TikTok had access to the clipboards of users running the next version of Apple’s operating system, iOS 14. That means that if you had recently copied and pasted anything sensitive, TikTok could have seen that. “The reason that TikTok claimed to be doing that was to detect users who were using the clipboard to spam comments,” Ghosemajumder says. Cutting and pasting is a common way to distribute spam. In fact, anytime you’ve noticed that the paste function isn’t working in a field on a website, that’s because the merchant is trying to fight fraud. It would make sense for TikTok to do this too, but since the issue was exposed, the platform stopped the practice.
Let common sense be your guide if you’re using an app like TikTok—and of course, start by not sharing anything you don’t want people to see. If you don’t want thousands of people to watch you dancing in your living room with your family, then don’t upload a video that shows just that. Ultimately, Ghosemajumder doesn’t see much daylight between TikTok and its competitors. “There’s no fundamental difference in using TikTok versus using [apps like] Facebook or Instagram,” Ghosemajumder reflects.
James Andrew Lewis, who directs the technology policy program at the Center for Strategic and International Studies, agrees. “Right now there’s no risk in using TikTok—it’s pretty harmless,” Lewis says. “The information on it is not valuable to an intelligence agency, the PII [personally identifying information] is nothing special, and there’s no evidence that TikTok has been used as a vehicle for delivering malicious code.”
As for the fact that the parent company is Chinese, Andrés Arrieta, director of consumer privacy engineering at the Electronic Frontier Foundation, points out that “a lot of the political discourse is more about xenophobia than actually privacy or security concerns.” Although, he adds, “if the Chinese government is your worry, then yes, it’s a worry.” For context, Human Rights Watch’s 2020 report on China has this to say about the country’s repressive tactics and global reach: “Government censorship now extends far beyond its borders; its mix of typically financial incentives and intimidation are manipulating discourse about China around the world.” An important reminder: The best way for anyone to communicate who does not want a government or company potentially snooping on what they say is through a platform that offers end-to-end encryption, such as WhatsApp, Signal, or iMessage.
“The concern here is, the Chinese could censor [content on TikTok]—right now they haven’t,” Lewis says. “Or they could put short propaganda videos on TikTok—right now they haven’t.”
Another common concern is that Beijing could lean on ByteDance to try to get American users’ data on the platform. But there is “no evidence that that has happened,” Lewis says. Interestingly, TikTok’s servers aren’t in China—they’re in Singapore and Virginia. And TikTok does not exist as an app within China itself.
“No one trusts China, and for good reason—China is engaged in a huge espionage campaign,” Lewis adds. And even though he says it’s wise for the United States government not to trust China (thus, the Pentagon doesn’t want members of the military to have the app, especially on their official work devices) individual users need not worry about using TikTok: “There is zero risk,” he says.
So, feel free to scroll through frog videos and people lip-syncing all you want. “If the Chinese can get intelligence advantage out of that,” Lewis reflects, “it would be an amazement to me.”
Update on August 13:
On Tuesday, The Wall Street Journal reported that TikTok had been collecting a unique numerical device identifier, known as the MAC address, with its Android users, but stopped doing so in November, 2019. It did so for over a year, the Journal stated.
The MAC addresses can be used not only for advertising purposes but also for fraud detection, Ghosemajumder notes.
“The current TikTok app does not collect MAC addresses,” a TikTok spokesperson said in an email to Popular Science. “We encourage our users to download the most current version of TikTok.”