Since its launch in the UK in September 2017, TikTok has rapidly become a cultural phenomenon. With its 800 million active users, the video sharing platform has even produced its own generation of celebrities.
Lockdown saw TikTok soar in popularity – in March alone the app had 115 million global downloads – as young people, bored and stuck at home, turned to the social media site. Whether used as a new way to connect with friends, or as a distraction, TikTok has become entrenched in many young people’s daily lives: on average, kids aged 4 to 15 in the UK now spend 69 minutes every day just watching TikTok videos.
But aside from the addictive nature of the app, TikTok poses some other very serious threats. By any standards, and especially for an app that markets itself towards and profits off children and young people, the security measures in place to protect users are appalling.
Last year TikTok had to make a 7 figure payout to the US Federal Trade Commission due to accusations of violation of the Children’s Online Privacy Protection Act (COPPA). The makers are fully aware of how young an audience they attract, yet make no effort to seek parental consent when children create accounts, and inevitably provide TikTok with personal information on themselves. Furthermore, privacy tools are hidden away within the settings. It is clear to see that TikTok does not care about the protection of its young users.
In fact, TikTok has shown a blatant disregard for the security of any of its users. In January this year the app was found to be highly vulnerable to hackers, who were able to easily take control of users’ accounts and find personal information associated with those accounts, such as email addresses.
To make matters worse, recent inspection suggests that it is not only the other people on this app which pose a threat to a user’s privacy, but the app itself. We have always cautioned not to give away personal details to strangers online, to keep social media profiles private, etcetera, but when it is the app preying on personal data, there is no shelter. A senior software engineer who recently reverse-engineered the app deemed TikTok ‘a data collection service that is thinly-veiled as a social network’.
“TikTok might not meet the exact criteria to be called ‘Malware,’ but it’s definitely nefarious and (in my humble opinion) outright evil,” the engineer wrote. “There’s a reason governments are banning it. Don’t use the app. Don’t let your children use it. Tell your friends to stop using it. If there is an API to get information on you, your contacts, or your device… well, they’re using it,” they wrote. The engineer also said that the app was designed to make it difficult to understand exactly how it worked.”
It has been previously claimed by other sources that TikTok ‘spies’ on its users after an Apple security update in June showed that TikTok reads and copies the last item saved to your phone’s clipboard. If your clipboards are synced across devices, this means TikTok could be reading anything you copy to paste on your laptop or iPad: from personal details to work stuff.
Whilst this is only one instance of TikTok being caught out, we cannot underestimate its significance. Invasive and dangerous, it is a gross abuse of privacy. Fundamentally however, it is a scary sign of the app’s willingness – and even desire – to collect as much personal data on its users as possible, with or without consent.
For an app aimed at the most vulnerable online users, the superficial appeal of TikTok with its harmless-looking dance videos and routines encouraging younger and younger users to sign on, should come with a clear online safety warning. It’s our advice that you, and your children, should stay well away from TikTok until some of its more worrying flaws are fixed.