TikTok is the most downloaded app in the world, and also one of the most aggressive data collectors. Here's what it actually collects, the concerns security researchers have raised, and what you can do if you use the app.
What TikTok Collects
TikTok's privacy policy discloses collection of: your device identifiers, IP address, location data (with precise GPS if you grant permission), browsing history within the app, all content you create including drafts you never post, contacts, clipboard contents, and behavioral data about how you interact with every piece of content.
A 2022 analysis by cybersecurity firm Internet 2.0 found that TikTok collected device data every 30 minutes while active, mapped the Wi-Fi networks around you, and accessed the device's CPU and memory in ways that had no clear functional purpose for a video app.
The ByteDance Connection
TikTok is owned by ByteDance, a Chinese company. Under Chinese national security law, Chinese companies can be compelled to provide data to the government on demand. TikTok has denied that Chinese employees have accessed US user data, but a leaked internal meeting recording published by BuzzFeed in 2022 revealed that US data had in fact been accessed multiple times from China.
Multiple US government agencies have banned TikTok on government devices. The US Congress passed a bill in 2024 requiring ByteDance to divest TikTok or face a ban.
What TikTok Infers About You
Beyond what it directly collects, TikTok builds an inferred profile: your political views, religious beliefs, sexuality, mental health status, and financial situation — based on the content you watch, pause on, re-watch, and share. You don't have to tell TikTok anything; its algorithm figures it out from your behavior.
If You're Going to Use TikTok
The most effective privacy measure is using TikTok on a dedicated device that doesn't have your banking apps, email, or other sensitive accounts. This limits cross-contamination.
If that's not practical: in app settings, go to Privacy → Data Sharing and disable third-party data sharing. Turn off location access in your phone settings (set to Never). Don't connect your phone contacts or other social media accounts.
Be aware that even with these settings, TikTok's core data collection continues. These steps limit the worst of it, not all of it.
The Broader Point
TikTok is an extreme case, but the data practices of most major social media platforms — Facebook, Instagram, Snapchat — aren't dramatically different in what they collect. The difference is mainly in jurisdiction and who potentially has access to the data at the government level.