TikTok Might Know You Even Better Than You Think It Does

Whenever you sign up for a new app, like, say, TikTok, it’s up to you to read through the terms of conditions before you press 'accept.' But we all know how those terms come in pages upon pages of paragraphs and we are all guilty of barely reading through them before we accept them so we can get to playing with whatever app they preceded. Now, because of TikTok’s terms and conditions, the cybersecurity company Penetrum is calling it out.

The company alleged through a 21-page document that TikTok has taken advantage of its users. And, even though the app boasts millions of dedicated users and millions of new uploads daily, some people are starting to take notice. What this means for the future of the app, however, is uncertain right now.

In April 2020, Penetrum tweeted the link to the company’s document which described its findings in investigating TikTok’s policies and requirements in collecting data from its users. In the document, Penetrum said that in TikTok’s privacy policy, "they declare that they harvest and share your data with third-party vendors and business partners."

The document went on to point out that 37.70 percent of the known IP addresses linked to TikTok are also linked to Alibaba.com, a China-based company which faced a data leak in 2019. The document alleged that it's entirely possible TikTok is collecting too much of users’ data, potentially for less than admirable reasons, which may negatively affect users later on down the line.

"From our understanding and our analysis, it seems that TikTok does an excessive amount of tracking on its users and that the data collected is partially if not fully stored on Chinese servers with the ISP Alibaba," the document stated. "It seems slightly coincidental to us that Alibaba’s data breach specifically states that the breach itself included that IMEI, IMSI, phone numbers, and user data specifically pertaining to phones was breached as well as other personal information."

If Penetrum’s findings aren't enough to make you take another look at what TikTok may or may not be harvesting, someone on reddit said they reverse-engineered TikTok to gain a better understanding. They alleged in an April 2020 reddit post that, in their findings, they realized TikTok may be getting information about your phone’s hardware, other apps on your device, and a GPS ping. And, according to the redditor, TikTok allegedly collects more data than Instagram, Twitter, and even Facebook.

In 2019, when TikTok came under scrutiny for data security, an official statement was released on the website. In the statement, the company claimed to have "robust cybersecurity policies, and data privacy and security practices." Obviously that greatly contradicts what Penetrum has alleged, but right now, some TikTok users are freaking out just a bit. And should Penetrum’s findings gain more traction, TikTok might end up in the social media graveyard, much like its predecessor, Vine.