Is TikTok Really a Security Threat? Here’s What Experts Found

Image of locks to suggest security and encryption

TikTok is an app popular with teens and young adults. It’s a social media platform where users can share short-form videos, similar to Vine or Snapchat. It has frequently been in the news lately over its security, with multiple publishers and companies releasing information about the app. It all started when in 2019 the Peterson Institute called the app a national security threat.

Then with the iOS 14 betas we saw that TikTok secretly accesses data on your clipboard, thanks to a new security feature in the OS. Now, even the U.S. government considering a ban on the app. Here’s what the experts say.

Researching TikTok

First, we have the Redditor who claimed to have reverse engineered the app. User “bangerlol” says the app collects a lot of information from your phone, like the hardware components, apps you have installed, network data, whether you’re rooted/jailbroken, and leak your email address(s) in the apps HTTPS REST API.

Penetrum TikTok overview
Penetrum’s brief overview of TikTok

Next, we have security firm Zimperium. Its full analysis of TikTok is behind a barrier (you’ll need to give them your company name, title, email address, etc). Using its z3A Advanced Application Analysis it said both the iOS and Android versions of TikTok has high privacy and medium security risks, with a score of 98/100 for privacy and 82/100 for security (high score is bad).

Another security firm, Penetrum, made its TikTok analysis easily available for everyone. The main PDF reveals that TikTok’s level of data collection is, like u/bangerlol found, excessive.

Finally, in ProtonMail’s examination of TikTok’s privacy policy, the amount of data the app collects is right there in the open. Data includes your IP address, browsing history within the app, your mobile carrier, location data like GPS coordinates, your device’s IMEI number and possibly its IMSI number, and every single action you take within the app.


It seems safe to say that TikTok is both a privacy and security threat. There is back-and-forth debate on whether the company has links to the Chinese government, but it’s plain to see from the data that this isn’t wholly a political debate. This includes what its own privacy policy states. If you’re concerned about your privacy and/or security you may want to give TikTok a pass.

3 thoughts on “Is TikTok Really a Security Threat? Here’s What Experts Found

  • Andrew:
    A greatly appreciated PSA. 
    At the risk of being batched with the naive Westerners (not a common accusation for yours truly), the review is particularly detailed and damning. As you state, it’s not what anyone, including it’s developers, have to say about the app, it’s what forensic level analysis reveals about the app’s behaviour. Actions trump words (no political reference intended). To whomever this app is ultimately communicating, or whose interests it serves, it clearly is not serving those of the user. 
    While I don’t fit the demographic of the novel social media app early adopter, I am compelled to use many of these apps to remain in touch with colleagues, teams and staff strewn across the planet, and will use whichever of these best suit their needs/technology constraints/costs. Before installing, I try to learn as much as I can about that app’s performance so that I can apply any available countermeasures against bad behaviour and outright security exploits (yes, I’m looking you Zuckerberg…big time). 
    To date, thankfully, I have had no use for this app, but would definitely not load it unless and until this app could be locked down. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.