TikTok is collecting an 'excessive' amount of data from users, report suggests

Findings show that the popular app collects data including what other apps are on a device and “at least once per hour” location updates.

The go-to app for dance trends and extremely targeted relatable content is eating up more than just countless hours of time and attention.

TikTok has also engaged in “excessive data-harvesting” practices with “permissions and device information collection [that] are overly intrusive and not necessary for the application to function,” according to a report by cybersecurity firm Internet 2.0. Though its research doesn’t include industry-wide comparisons, experts suggest that similar social apps like Facebook and Instagram could be collecting just as much data.

TikTok, however, has attracted added scrutiny due to perceived connections to China, where its owner, ByteDance, is headquartered.

The firm’s most recent report builds on a string of privacy controversies for TikTok, which has exploded in popularity among users and advertisers in the US over the last few years. Last fall, TikTok said it reached more than 1 billion monthly active global users, and the app is projected to bring in as much as $12 billion in advertising revenue this year.

  • The research team reviewed the app’s source code on Android and iOS.
  • The findings show that the app collects data including what other apps are on a device and “at least once per hour” location updates. The app can also obtain access to a user’s contacts if the user allows it to. If they do not, the app repeatedly requests the permission until the user consents.

TikTok has previously said it “physically stores all data about its US users in the US, with backups in Singapore.” While the report “could not determine with high confidence…where user data is stored,” it observed an IP address “resolving to China.” A report from BuzzFeed last month found that US user data was “repeatedly accessed in China.”

“We couldn’t make a finding about that, but it’s worth people continuing to ask the question—we think there’s something there,” Potter said. “It could be benign, it could be malicious, but [TikTok] was not willing to go on the record about what [the data accessed in China] was.”

A TikTok spokesperson told The Guardian that it’s “categorically untrue to imply there is communication with China,” stating that the IP address “is in Singapore, the network traffic does not leave the region.”

The report noted that users can grant the app a number of device permissions considered to be “dangerous” according to Android documentation—11 on Android and seven on iOS. Apps must request these permissions from users, which can provide access to “private user data” including “potentially sensitive information.” Certain functions are common, like asking permission to use the device’s camera and microphone. Others, like retrieving info about other apps, are less common, according to Internet 2.0’s report.

“I think there’s some serious questions about how they approach getting consent from users that really should give us lots of pause to think about how people’s rights are protected,” Potter said.

For brands flocking to the app, recent controversies surrounding TikTok’s data-privacy and security practices could matter to marketers if they eventually drive consumers to leave the app, said Jasmine Enberg, principal analyst, social media at Insider Intelligence. If users think their privacy is being violated, advertisers could potentially become more hesitant to spend on TikTok.

“These concerns really could dissuade risk-averse advertisers from spending on TikTok,” Enberg said. “But I think the reality also is that risk-averse advertisers likely aren’t spending there anyway because there are other concerns on TikTok that are related to things like brand safety and the fact that TikTok still is a new, somewhat unfamiliar platform.”

And the possibility of regulators stepping in is “a hot-button topic for lawmakers and consumers,” Enberg said, “particularly as it relates to China or other foreign governments.” ByteDance just reported its highest lobbying quarter yet, according to CNBC, spending $2.1 million to lobby the US government on antitrust, data privacy, defense-spending legislation, and the China competition bill.

Currently, Enberg said, Insider Intelligence forecasts TikTok as the third-largest social platform in the US and globally, surpassing YouTube for time spent. And the app has “rolled out the red carpet for advertisers,” Enberg said, by expanding ad formats and targeting capabilities that have attracted more performance-driven advertisers.
