TikTok

Video Social Network

#1 Entertainment

iOS Review

4 TRACKERS

109 ATTEMPTS

PRIVACY

RATING

PRIVACY

RATING

TikTok is one of the most downloaded of all time and is exploding in usage amongst children and young adults - but it still connects users to privacy-invasive tech giants like Google and Facebook. Not only that, but it connects to trackers Branch and AppsFlyer even before the app is opened for the first time.

Update 07/08/2020: TikTok was recently discovered to be secretly and constantly accessing the contents of the clipboard. As a result of this, we've downgraded them from a C to a D, and have also added checking for clipboard access to all our Privacy Reviews from now on.

TikTok's Privacy Rating is D. We found 4 different third-party trackers in the TikTok app, and there were 109 attempted tracking connections detected during our test.

Testing Results

Blocked tracking attempts.

How was tracker testing done?

Tested using Lockdown v0.3.8

What was done during the test?

109 attempts in 3 minutes of using the app: Installation, launch, email signup, and sharing one three-second video.

How many tracking attempts each time the app is opened?

25 tracking attempts each time the app is relaunched.

Did user give consent to tracking before tracking started?

No. Tracking begins immediately upon app install completion, *even before* the app is launched. Connections are made before app launch to AppsFlyer and Branch trackers by abusing an Apple iOS feature intended originally for Password Autofill.

Personal Data Collected

✉️ Email Address

📅 Full Birthday

📷 Camera

🎤 Microphone

📞 Phone Number

❗️ Notifications

🖼 Photos

📋 Clipboard

Trackers Found

AppsFlyer

Marketing

Mobile Ad Attribution Platform

Show Collected Data ›

Privacy Policy: Unique identifiers, IP address, User agent, the URL from the referring website, downloads and installations of Applications, and other interactions, events, actions, Customer issued user ID, clicks on Customer ads, ad impressions viewed, audiences or segments to which an ad campaign is attributed, the type of ads and the webpage or Application from which such ads were displayed, the webpages on Customer’s website visited by an End User, IDFA (identifier for advertisers), Android ID; Google Advertiser ID, browser type, device type and model, CPU, system language, memory, OS version, Wi-Fi status, time stamp and zone, device motion parameters, carrier.

Facebook Pixel

Analytics

Marketing

Measure Ad Performance

Show Collected Data ›

Privacy Policy: Anything present in HTTP headers - IP addresses, information about the web browser, page location, document, referrer and person using the website, Pixel ID and the Facebook Cookie, any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks, Developers and marketers can optionally choose to send additional information, website field names like ‘email’, ‘address’, ‘quantity’ for when you purchase a product or service

Branch

Marketing

Mobile measurement, linking platform

Show Collected Data ›

Privacy Policy: IP Address, Cookie, Link Data, User Agent, Referrer, Request, Phone Number, Engagement Data, iOS Identifier for Advertising, iOS Identifier for Vendors, Android Advertising ID, Android ID, Branch Cookie ID, App Version, Device model, Manufacturer, Operating system, Operating system version, Screen size, screen resolution, Session start/stop time, Mobile network status (WiFi, etc), Application installed time, Application updated time, Device locale (country and language), Local IP address, Mobile platform, Branch SDK version, Carrier ID, MAC address, Windows Advertising ID, CPU ID

Google Analytics

Analytics

Marketing

Measure Advertising ROI

Show Collected Data ›

Privacy Policy: Owned by Google, so same as Google's Privacy Policy. Personal information, email address, apps, browsers, devices, unique identifiers, browser type and settings, device type and settings, and too much more to fit here.