TikTok, the video-sharing social media app that has gained immense popularity since its debut in 2016, has over 1 billion monthly active users and over 2.6 billion downloads by users in more than 150 countries.
Despite the app’s massive cult following, the China-based social media platform has been under the magnifying glass of governments and privacy experts for years. Although most of TikTok’s challenges stem from the extensive harvesting of data from its users, TikTokers also face the traditional security and privacy risks that accompany extensive social media visibility or usage.
The TikToker’s trade-off
TikTok is a “free” app that most internet users can find in the app store on their phones. Some lucky, creative users were even catapulted to fame and fortune, with some popular TikTok influencers earning millions of dollars.
How does the app developer profit? Simple. Like any other social media platform, it harvests data from TikTokers and sells it to third-party marketers.
But just how much data does TikTok collect on its users? The platform collects and processes enormous amounts of personal and technical data from users’ devices, which can be placed in three distinct categories.
User-generated data refers to information you provide when you create an account or use the platform:
- Email addresses, phone numbers, age, username and password
- Names, social media account information, profile photos
- Comments, photographs, livestreams, audio recordings and videos
- Payment information such as credit card numbers and PayPal account information
- Information gathered from surveys, challenges, sweepstakes or contests, which may include gender, age, likeness and preferences
- Phone and social network contacts (following permission request from the app)
The app also collects third-party data whenever users choose to sign up or connect using another social media platform such as Facebook, Instagram and Twitter, or data from publicly available sources:
- Contact lists from other social media platforms and usage information on linked accounts
- Data from advertising partners, data and analytics providers
Last but not least, automatically collected data includes technical and behavioral information when using the app with or without creating an account, such as:
- Platform usage information and any generated or uploaded user content
- Device information, including IP address, user agent, mobile carrier, time zone settings, identifiers for advertising purposes, device model, operating system, network type, device IDs, screen resolution, keystroke patterns or rhythms, battery state, audio settings and connected audio devices
- Location data based on your SIM card, IP address or precise GPS location (requires permission)
- Image and audio information that is part of user-generated content, used to identify objects, scenery, faces and the text of the words spoken in the video
- Biometric identifiers and biometric information such as faceprints and voiceprints, according to local legislation
- Any messages sent through the platform
- Metadata from user-generated content such as the time when it was created, modified, formatted, account name and used hashtags
- Cookie data that measure and analyze the way users interact with pages and advertisements
It may be a lot to take in but, as a social media aficionado, you know the drill by now. Your personal data means big money for tech companies that trade the data you are willing to provide while signing up, posting or uploading information on the web. Every bit of information you leave behind while browsing or using online apps and social media platforms is repeatedly analyzed and monetized.
Whether this tradeoff by users is fair is the subject of much debate. But we’re not going down that rabbit hole today. The important thing is that you become aware of the digital information or digital footprint you leave behind every time you pick up your phone to TikTok – and this applies to any other app or social media platform.
Privacy and security related risks for TikTokers
It’s time to face the truth. Everything we do online is tracked and collected one way or another, even if just in the form of a string of numbers or IDs that don’t necessarily point to your persona directly. And that’s not all. Social media comes with its share of challenges for average surfers and power users alike. Internet users have a lot on their plate, from spammers, cyberbullies, online stalkers, impersonators and fraudsters who steal money to the common data breach or leak.
Your data means money, even for hackers, who have a field day each time they catch users off guard, falling for a scam, oversharing information, clicking on a fake link or ignoring basic cyber hygiene.
What can you do to improve your privacy and security on TikTok?
Lose the ‘it can’t or won’t happen to me’ attitude, and do everything in your power to make sure you won’t become the next victim of identity thieves or scammers who are also following the trends.
It may be hard for the TikTok famous to think about their online privacy when making hundreds of thousands of dollars off their user content, as public visibility is vital. However, for the casual TikToker, some small changes to your profile can help protect you from harm and minimize the digital footprint you leave behind:
- Stop oversharing information – start by not using your full name, and never, ever share your home address or any particularities (landmarks) from your location
- Go private – having many followers may be cool on TikTok, but it can also be dangerous since you don’t know the intent of the individuals who follow you. TikTok accounts are public by default, but you can change the profile to private by navigating to the Privacy and Safety settings. This option won’t allow other users to download your videos or check your bio and followers lists
- Content visibility – if you don’t want the entire TikTok community to view your videos, consider turning off the “Suggest your account to others” option in the app
- Avoid user interactions by restricting who can view your videos or message you directly – you never know what type of message will reach you. It could be a hateful note that ruins your day, spam or a scam attempting to manipulate you into providing sensitive information
Additional security measures you should consider taking include:
- Review your password – Make sure it can’t be guessed based on any personal details available on other social media profiles. Your first name and birthday should not be part of your password. Choose a unique password and don’t use it on any other platform
- TikTok lacks a two-factor authentication method. However, if you’ve already added your phone number to your profile, you can choose to log in with verification, as the platform will create a one-time password (OTP) each time you log in
- Turn off the autosave login info (in the Manage my account section) to prevent unauthorized individuals from logging into your account if your device is compromised or lost
- Don’t access or click on links you receive from individuals you don’t know, as they may contain a malicious payload or lead to a phishing website that can steal your info
It’s only a matter of time before your data is publicly exposed or appears in a breach collection on a dark web marketplace. Bitdefender Digital Identity Protection is your dedicated online privacy service that helps you take control of your digital footprint to minimize risks associated with data breaches and leaks. Our tool continuously monitors the web for any data related to the information provided in the onboarding process (email address and phone number).
The tool allows you to analyze the exposed data to better understand your risks of falling victim to identity theft and take more privacy-focused decisions for all your future digital endeavors. As an additional perk, it will allow you to spot social media impersonators that can ruin your online reputation.