TikTok (also known as Douyin in China) is a short-form video hosting service owned by the Chinese corporation ByteDance. It features a wide range of short-form user videos, with lengths ranging from 15 seconds to ten minutes, in genres such as pranks, stunts, tricks, jokes, dancing, and entertainment. The Chinese market first saw the launch of Douyin in September 2016, while TikTok is the app’s worldwide counterpart. Most areas outside of mainland China saw the release of TikTok for iOS and Android in 2017. However, the app didn’t go global until August 2nd, 2018, when it merged with Musical.ly, another Chinese social media site.

TikTok has been the focus of data privacy and security issues, similar to those that surround many social media networks. This article discusses TikTok’s functionality, data privacy, and safe use.

Is TikTok Safe?

When it comes to apps like TikTok, safety is a relative concept. For instance, TikTok’s Privacy Policy makes clear that the platform gathers user data, including activity, devices, geolocation, analytics, and cookies.

Although users can opt to share certain third-party data with TikTok, the policy notes that the platform may also acquire this data automatically from certain third-party apps, some of which are advertisers. If you’ve been using TikTok for a while, you may have noticed the particular kinds of adverts you receive. Because they were so well suited to your requirements and preferences, you might even have been persuaded to make a purchase.

By using TikTok to make videos, you’re choosing to present yourself publicly in a visual manner. Beyond that, there are additional safety issues to take into account when using the app:

  • If you use a public TikTok account, people you do not even know can send you private messages and leave comments on your videos.
  • When your account is set to public, anyone can download your clips to their mobile device and watch them later without an Internet connection.
  • Duets are another aspect of public accounts on TikTok: outsiders can film a “duet” with your original video to make a new one.
  • While recording a video, it’s easy to unintentionally reveal personal information like your geographical location.
  • Just as with every social media app, TikTok puts you in danger of being exposed to unsuitable material.

Sadly, without a private account, there is no way of filtering the messages you receive from people you don’t know.

What’s more, users should be aware that watching TikTok videos is only one source of data collection. The app also gathers data from your communications, which is worth keeping in mind when you use it to interact with other users. In addition, messages on the platform are not end-to-end encrypted. This means that it isn’t as secure as some other messaging apps, which do include that additional security measure.

Federal Communications Commission commissioner Brendan Carr urged Apple and Google CEOs to remove TikTok from their app marketplaces. In a letter addressed to Tim Cook and Sundar Pichai dated June 24, 2022, Carr said TikTok creates an intolerable national security risk owing to its vast data collection being combined with Beijing’s presumably unfettered access to that sensitive data.

Although TikTok admits to sharing data with third parties, the site generally uses customer data to improve its services. The third parties it shares data with include:

  • Business collaborators: Your application ID and login credentials from TikTok can be seen on other social networking sites including Facebook, Twitter, and Google.
  • Service providers: TikTok maintains its services with the help of outside service providers. Examples include cloud service providers and content monitoring platforms. These platforms may also acquire access to some of your personal information.
  • Payment service providers: Payment providers will have access to your purchase history as intermediaries when you deal with TikTok in order to speed up payments.
  • Authorities: TikTok reserves the right to share user information with police officials as may be required by law.
  • Advertisers: TikTok collaborates with advertising companies for analytics, targeted advertising, and activity monitoring, similar to the majority of social networking sites.
  • Data analytics services providers: These services have access to pertinent information regarding TikTok and its consumers.

Types of Data Collected

TikTok allegedly collects every piece of data, including search and browsing records, keystroke patterns, biometric markers (such as voiceprints and faceprints), geolocation, draft texts, metadata, and information saved on the clipboard, which may include text, photos, and video files.

  • Private details: Any personal information you provide to TikTok when you create an account, including your username, password, birthdate, email, contact number, and anything you include in your profile description, will be retained. Additionally, it will store your profile picture or video, allowing TikTok to recognize you if you post your face on the app.
  • User-generated material: TikTok is also aware of and keeps track of the content you post, produce, and view, as well as your language settings, audio and video files, reviews, and live streams.
  • User behavior: TikTok keeps track of your behavior throughout the app. In order to suggest accounts to follow and videos to add on your For You page, it keeps track of the videos you watch and save to My Favorites. Additionally, it creates a profile of you according to your interests, demographics, ad preferences, and other details.
  • Third-party information: If you use other platforms in addition to TikTok, TikTok may obtain information about you from those platforms. For instance, TikTok will obtain and keep your public profile information if you sign up using Facebook.
  • Users’ networks and devices: Details about users’ IP addresses, device identifiers, phone companies, operating systems, and much more are logged by TikTok on a technical level.
  • Geolocation: TikTok may track your precise location using your device’s global positioning system if you grant it permission. It can determine your general location using your IP address and SIM card.
  • App store buying: Although you can purchase virtual goods from TikTok, TikTok won’t see your credit card information since these purchases are made through the App Store or Google Play. But it does keep track of the things you buy, when you buy them, and how much money you spend.
  • Verification of ID: TikTok may require you to provide evidence of your identity or your birth date such as a snapshot of your ID, in order to use specific features or have your account validated.

Do Hackers Specifically Target TikTok?

Compared to other social media platforms, TikTok is not more frequently targeted. Hackers will attempt to collect user data and disseminate phishing links, but this is the situation with pretty much all social media.

There is less emphasis on direct messaging than there is on Facebook or Twitter because TikTok is a video-sharing site. Furthermore, only individuals 16 and older are permitted to send and receive direct messages on TikTok.

The majority of TikTok cyberattacks employ social engineering rather than compromising the app’s security. Threat actors defraud users out of their money and credentials using scams and phishing techniques. TikTok would immediately remedy any security flaw, but phishing and other schemes still exist.

When discussing online security, privacy plays a significant role. This is especially the case when talking about social media platforms because they invade users’ privacy more than most other kinds of websites do. Make sure you are familiar with and in agreement with TikTok’s privacy policy before you sign up for an account.

Common TikTok Scams to Watch Out For:

  • Fraud apps: Occasionally, you’ll come across accounts that advertise apps together with an intriguing or alluring video. Most of the time, they include a download link with their posts, but don’t be tricked—those links redirect you to phishing or malware. The more cunning fraud apps will in fact be downloaded onto your phone, but they are malware-filled. Although TikTok doesn’t itself contain viruses, I nonetheless advise using a device with strong antivirus software when visiting the platform.
  • Phishing: This type of cyberattack has been around almost as long as emails have, evolving along with the rise of social media platforms like TikTok. You should never click any links in posts or comments that ask you to do so, especially if there is no context. They’ll probably redirect you to a phishing website in an effort to steal sensitive data, such as your login details.
  • The “Increase your number of likes and followers” scam: If you’re aspiring to be a social media influencer, posts that promise to increase your likes and followers in exchange for cash or other actions from you might tempt you to interact. Mark my words – there is no quick route to notoriety, therefore these posts are probably from scammers that are only after your personal or financial information.
  • Crypto scams: Scams involving bitcoin (or other cryptocurrencies) investments are more difficult to spot because there are actual accounts that provide legitimate investments in cryptocurrencies to consumers wishing to expand their portfolios. Just be aware that not all crypto transactions are reliable, and you should thoroughly investigate any accounts you are considering working with.
  • Romance and dating scams: A sophisticated sort of social engineering, these scammers use a phony account to deceive you into starting a relationship with them online. Once they have your trust, they will pretend to want to know you better by asking for your personal information or borrowing money (without any intentions of repaying it). This year, TikTok forewarned viewers about this kind of scam before Valentine’s Day.

How to Stay Safe on TikTok

  • Create a private account: Every TikTok user is able to create a private account. This implies that the videos you upload to your account are only viewable by those who you purposefully interact with using the app. Your TikTok recordings won’t be viewed by anyone you don’t know if you make your account private.
  • Don’t overshare: Your social network doesn’t need to be aware of every aspect of your life. Never divulge private details, such as your birthdate, postal address, or private email.
  • Establish account limitations: If someone you don’t know messages you on TikTok, they might just want to socialize or they might be phishing for your private details. The only way you can be sure that anyone who approaches you on the app has the best of intentions is to only accept messages from the people you know. Additionally, to control who can access, comment on, and share your videos, make sure you use TikTok’s privacy settings.
  • Avoid recommending your account to other users: You can decide whether you want other people to be recommended your account in TikTok’s privacy settings. Users can also decide to restrict access to their account so that only those they are already connected to can look for it. Simply disable “Suggest Your Account to Others” and you will prevent the app from featuring your account and luring in unfamiliar users. Additionally, it will prevent results for your TikTok account from appearing in search engines.
  • Activate two-factor authentication: This will stop unauthorized users from accessing your TikTok account, even if they have your login information. With two-step authentication, login requests must be approved using either your registered phone or email address.
  • Avoid using the same passwords for multiple accounts: Make sure each password you use is unique. That way, even if your account is hacked, your other accounts will still be protected.
  • Avoid suspicious links: On occasion, cybercriminals may send you a link in a message that appears to be from TikTok but is in fact a hoax. This can result in your device downloading a malicious spyware update or a trojanized version of the app. Avoid opening a suspicious link from an unknown source, and when you believe a link to be coming from a friend or TikTok itself, double-check to ensure it is in fact genuine and not a scam.
  • Use a VPN: Virtual private networks conceal your IP address and stop advertisers from following you. This is basic security hygiene. To understand more about how it works, you can check out my colleague Elena’s article on Proxy vs. VPN.
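
One way to automate the "double-check that a link is genuine" advice from the list above, as an added example that is not part of the original article. It assumes that only hosts under `tiktok.com` count as genuine; the function name, the allowlist and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only registrable domain treated as genuine in this example.
TRUSTED_DOMAINS = ("tiktok.com",)


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, reason) for a link received in a message."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased; userinfo and port stripped
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host in URL"
    if parts.username is not None:
        # In https://tiktok.com@login.example/ the real host follows the '@'.
        return False, "userinfo placed before the real host"
    host = host.rstrip(".")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "non-ASCII or punycode host (possible lookalike)"
    for domain in trusted:
        # Exact match or a true subdomain; 'nottiktok.com' must not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host is within " + domain
    return False, "host %r is outside the trusted domains" % host


# Constructed sample links for illustration (not real indicators).
SAMPLES = [
    "https://www.tiktok.com/@someuser/video/123",
    "https://tiktok.com.account-verify.example/login",
    "https://tiktok.com@login.example/reset",
    "https://nottiktok.com/",
    "http://www.tiktok.com/",
    "https://tikt\u043ek.com/login",  # Cyrillic 'o' in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        shown = link.encode("ascii", "backslashreplace").decode()
        print("TRUSTED   " if ok else "SUSPICIOUS", shown, "-", reason)
```

A passing check only means the host belongs to the expected domain; it says nothing about the content behind the link.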

Wrapping Up…

Alongside TikTok’s many benefits, including its popular social features, engaging content, and influencer marketing prospects, there are also serious risks that could lead to identity fraud, spyware, and data harvesting. You can enjoy browsing TikTok safely by paying attention to the risks we discussed above together with the strategies that can prevent such risks.

After carefully reading over its privacy statement, we may conclude that TikTok is approximately as safe and secure as every other social media network. It is no riskier, but it is no safer either. You can expect the same degree of privacy from TikTok as you would from any other social media platform, especially Facebook or Instagram.

You should make sure you rely on a strong and reliable security solution if you want to stay safe when online, whether you are creating amusing content on TikTok, working remotely, sending emails to friends, playing video games, and more. Heimdal provides a wide choice of security products that may help keep your information and data safe.

Traditional anti-virus is no longer sufficient in the modern era of cybersecurity, as hackers’ techniques are becoming increasingly sophisticated. No matter how effective it is, an anti-virus only responds to threats that have already entered your system. This may be too late if you’re dealing with an APT (advanced persistent threat).

However, an AI-based traffic filtering solution can intelligently detect dangers before they reach your system, like our Heimdal Threat Prevention. Such security software actively inspects incoming traffic and prevents harmful malware from reaching you. This keeps you secure even if you mistakenly click on a harmful ad while browsing TikTok.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.
