The TikTok data collection scandal – what you need to know

The world’s fastest rising social media platform, TikTok, found itself under heavy scrutiny after a redditor claimed to find evidence of covert data collection while reverse-engineering the app. The news comes after several other accusations aimed at TikTok in connection with the #BlackLivesMatter protests.

TikTok’s media problems

This isn’t the first time TikTok finds itself embroiled in controversy. In November of 2019, the explosive rise of TikTok as a media platform resulted in the United States government launching a national security review of the application. It was also the target of an investigation by the United Kingdom government as a result of concerns over child safety on the platform.

The fact the app is owned and operated by a Chinese company also complicates matters – as a result of a tense geopolitical situation, the app found itself among many others banned by the Indian government – being specifically cited as a national security threat.

The origins of the leak

The data collection scandal started after a redditor (/u/bangorlol) posted a long summary of their work reverse-engineering the app. The contents of the post immediately went viral, being covered in sources ranging from Forbes to BoredPanda.

The initial disclosure wasn’t all – there’s a lot more that the app has to uncover. A subreddit dedicated to reverse-engineering – /r/tiktok_reversing – was quickly set up to coordinate the search for more information. 

What exactly is collected?

As disclosed in /u/bangorlol’s original post, the application collects everything it can get access to. According to the post, 

“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.”

They go on to list the things they found:

  • Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)

  • Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload – maybe using as cached value?)

  • Everything network-related (ip, local ip, router mac, your mac, wifi access point name)

  • Whether or not you’re rooted/jailbroken

  • Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post IIRC

  • They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication

TikTok’s response (or the lack thereof)

As of this writing, TikTok is yet to respond to these accusations or remove these behaviours within its application. Instead, the company only announced the rollout of a new ad platform

This has not gone unnoticed – a lot of voices have spoken out, calling for the app to be banned or significantly changed. United States Secretary of State Mike Pompeo has stated that the Trump administration is looking into banning the application outright. Companies such as Wells Fargo and Amazon asked its employees to uninstall TikTok from their devices, although Amazon has since walked back on its statement.

What does this mean for business?

Without a strong response from TikTok, the platform could face significant troubles operating in certain markets. 

The undisclosed data collection is in direct violation of laws such as the EU’s GDPR. This means that the European Union can demand the app be made unavailable on Apple’s App Store and Google’s Play Store. The same thing can happen in the United States – and it’s already happening in India.

This also opens the market up towards competitors. Instagram has already smelled blood – they have started aggressively promoting it’s TikTok competitor, Reels, in India. This isn’t an unexpected move – TikTok had an estimated 200 million users in India alone, none of whom can now access the app.

From a marketing standpoint, this makes TikTok shaky ground to tread on. It remains one of the most popular ways of reaching millennials and Gen Z customers, but unless the app changes its behaviour to be more compliant with privacy laws, it’ll simply be banned.

Data privacy is no joke – other social media networks, such as Facebook, have to operate under strict laws in order to protect its users’ sensitive data. Following the Cambridge Analytica scandal in 2018, online privacy became an incredibly sensitive topic. 

Gone are the days of social media networks trading in user data without oversight. Both platform operators, such as Facebook, and social media analysis tools, such as our own SentiOne, are bound by strict regulations, which require us to disclose all of the data we collect, the way we use it, and how we store them in order to prevent unauthorised access.

Because TikTok seemingly fais to do that, it can expect to face a large amount of scrutiny from governments and regulatory authorities. Without a strong response and a commitment to privacy, the app will simply vanish from the western world. The situation is even more critical when you consider the young age of TikTok’s user base.

If you’re a marketer who previously used TikTok to reach millennials and Gen Z, you should start keeping an eye out for viable alternatives. TikTok’s success certainly brought with it a wave of imitators – time will only tell if any of them can stand up to the giant. A social media listening tool can help you stay on top of the industry’s buzz and figure out what the next big thing is. Our solution, SentiOne, allows you to do just that – contact us to schedule your free trial today.