TikTok's privacy impact analysed

Popular Chinese social media app TikTok demands a potentially concerning level of device control, but there is no evidence this control is being abused, according to Proofpoint researchers.

An analysis of the video sharing app’s privacy and data collection policies has found that the TikTok app requires a wide range of app permissions on both Android and iOS devices.

These include requiring full access to a device’s contact list, collecting detailed location data using GPS and other apps, and — on Android devices — the ability to access other apps running at the same time.

Proofpoint researchers found no evidence that TikTok abuses any of these abilities. But one concern raised by the company was the issue of data sovereignty.

TikTok’s website does state that all US user data is stored in the US, with backup redundancy in Singapore, and that no data enters the US and is subject to Chinese law. But there is no information on where data on users from other regions is stored.

Proofpoint researchers did note that TikTok’s recently published inaugural transparency report states that the company received no legal requests for user information from China during the first half of 2019. Meanwhile, the company received five requests from Australia covering a total of five specified accounts, the same report shows.

Proofpoint also noted that TikToks privacy model and controls are consistent with other social media platforms, but provide no bearing on what data is collected and stored by the company.

In conclusion, Proofpoint said TikTok should be treated like any social media app, in that it can be used with relative safety if a user is aware of the information it gathered and what it does with the data.

Image credit: ©stock.adobe.com/au/ink drop