In 2021, TikTok surpassed 1 billion users, and it continues to grow and amass more users, firmly establishing itself as a huge player in the social media game -- and quite possibly, laying a claim to be the most popular social media app.
But TikTok's privacy concerns are almost as concerning as its growth is impressive. The company has been repeatedly accused of aggressive data harvesting, and since TikTok has admitted that data from outside of China is accessible from China, and presumably also available by the authoritarian Chinese government, that's obviously a reason for concern. Robert Potter, the author of a report on TikTok, found that despite what TikTok claims, the app grants Chinese authorities access to its device data as it connects to Chinese servers. It's not exactly clear what data is being shared, but this may only be the tip of the iceberg.
According to research published by Felix Krause, a Vienna-based computer scientist, TikTok also employs a dubious practice. When you access a website through a link in the TikTok app, the app inserts code that allows TikTok to track what you're doing on these other websites; it can do things like monitor your keystrokes and what you click.
Krause also looked at other apps, including Facebook, Facebook Messenger, Instagram, Snapchat, Amazon, and Robinhood -- out of these, TikTok is the only one that employs this practice. So when it comes to apps that threaten users’ privacy, TikTok seems to be ahead of the pack, especially because this isn't something that can happen by accident.
"This was an active choice the company made," Krause told Forbes, which first reported the findings. "This is a non-trivial engineering task. This does not happen by mistake or randomly." Krause is the founder of the app-testing company Fastlane, which Google acquired five years ago.
TikTok denied the claims, saying that the code is only used for "debugging", but since it was the only major app that uses this approach, the rejection seemed unconvincing.
"Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring," the company said in its statement.
Apps, and social media apps, in particular, are becoming a hotspot for privacy concerns because so many people are using them. Facebook has 3 billion users, TikTok has over 1 billion, and WhatsApp has 2 billion. While there is certainly a lot of overlap between the users of social media apps, we're talking about several billion users that can be exposed by breaches, data leaks, or simply by what data the apps themselves collect and pass to other parties.
For instance, Instagram, Facebook, TikTok and other social media services may keep track of your location. You can revoke that permission on most devices, but the vast majority of people don't. Of course, this doesn't really mean that Facebook looks at your every movement as a stalker, but they may use that type of data for advertising and displaying suggestions and things like that. But the problem is that they still store a lot of user data, and the data can be leaked.
In 2021, for instance, one user in a hacking forum published the phone numbers and personal data of hundreds of millions of Facebook users. This includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses. Journalists from Insider confirmed the validity of several of these entries, and it seems like the leak is real, not made-up. Facebook said the leak was due to a vulnerability that was patched in 2019.
Of course, apps collect much more finessed information as well. Their general goal is to create a digital-based personality based on the information they collect from your devices, so they can anticipate what sort of recommendation or ad you're more likely to enjoy and make that recommendation. There are positives to that, like for instance when an app recommends a nearby restaurant that you actually like; but there are also clear problems.
Leaks are one such problem, but even if the data is kept safe (which is a big 'if'), offering companies so much information about billions of individuals has profound implications for our society. This type of data could be used to suppress dissidents, or influence voters, or tamper with human rights -- many of these are already active problems.
As the internet has become a pillar of our civilization, and smart devices are virtually ubiquitous, protecting your privacy and anonymity is harder and harder. But there are some good practices you can do.
For instance, you can use a VPN for your laptop or smartphone, and you should always check what permissions you're granting to what apps. Using an alternate email for social media apps (or apps in general) could also be a good idea, as is using only encrypted messaging services for communicating with your friends.