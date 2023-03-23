(MclittleStock/Adobe Stock)

Multiple privacy and security researchers who’ve examined TikTok’s app say there aren’t any glaring flaws suggesting the app itself is currently spying on people or leaking their information.

In 2020, The Washington Post worked with a privacy researcher to look under the hood at TikTok, concluding that the app does not appear to collect any more data than your typical mainstream social network. The following year, Pellaeon Lin, a Taiwan-based researcher at the University of Toronto’s Citizen Lab, performed another technical analysis that reached similar conclusions.

But even if TikTok collects about the same amount of information as Facebook or Twitter, that’s still quite a lot of data, including information about the videos you watch, comments you write, private messages you send, and — if you agree to grant this level of access — your exact geolocation and contact lists. TikTok’s privacy policy also says the company collects your email address, phone number, age, search and browsing history, information about what’s in the photos and videos you upload, and if you consent, the contents of your device’s clipboard so that you can copy and paste information into the app.

TikTok’s source code closely resembles that of its China-based analogue, Douyin, said Lin in an interview. That implies both apps are developed on the same code base and customized for their respective markets, he said. Theoretically, TikTok could have “privacy-violating hidden features” that can be turned on and off with a tweak to its server code and that the public might not know about, but the limitations of trying to reverse-engineer an app made it impossible for Lin to find out whether those configurations or features exist.

If TikTok used unencrypted communications protocols, or if it tried to access contact lists or precise geolocation data without permission, or if it moved to circumvent system-level privacy safeguards built into iOS or Android, then that would be evidence of a problem, Lin said. But he found none of those things.

“We did not find any overt vulnerabilities regarding their communication protocols, nor did we find any overt security problems within the app,” Lin said. “Regarding privacy, we also did not see the TikTok app exhibiting any behaviors similar to malware.”

There have also been a number of studies that report TikTok is tracking users around the internet even when they are not using the app. By embedding tracking pixels on third-party websites, TikTok can collect information about a website’s visitors, the studies have found. TikTok has said it uses the data to bolster its advertising business. And in this respect, TikTok is not unique: the same tool is used by US tech giants including Facebook-parent Meta and Google on a far larger scale, according to Malwarebytes, a leading cybersecurity firm.