Prevent This: Social Media's Open Door - TikTok
From Federal Bans to Faceprint Collection: A Parent's Guide to TikTok's Security Risks and How to Secure It.
What is TikTok?
TikTok is a short-form video platform owned by ByteDance, a Chinese technology company. With over 170 million users in the United States alone, it’s become the digital hangout spot for an entire generation. Users create and share videos ranging from 15 seconds to 10 minutes, covering everything from dance challenges to educational content.
Beneath the entertaining surface, however, lies a complex web of security concerns that have caught the attention of lawmakers, security researchers, and intelligence agencies worldwide.
The Good
Like any application, TikTok has both positive and negative uses, and there are pros and cons to using it. My outspoken colleague Gregg Yurchak uses TikTok as well as YouTube Shorts to reach his audience of almost 700 people for his “Cybersecurity in 60 seconds” channel (@cybersecsec). Folks like Gregg use TikTok as a means to reach an audience that may not be accessible on another platform.
Also, recent legislation and Executive Orders forced ByteDance to sell the majority of TikTok in the US. This sale and the laws surrounding it may mean that TikTok is more secure than it has been in the past. Let's dive in.
The Growing Concerns
TikTok’s security issues are documented by security researchers, investigated by government agencies, and rooted in the legal framework under which ByteDance operates. A 2022 analysis by Internet 2.0, an Australian cybersecurity firm, found that TikTok’s data collection exceeded that of typical social media platforms, harvesting device identifiers, location data, and biometric data including faceprints and voiceprints. BuzzFeed News reported that ByteDance employees in China accessed U.S. user data despite TikTok’s assurances otherwise, while security researchers discovered TikTok was accessing clipboard data that could expose passwords and credit card numbers. China’s National Intelligence Law requires all Chinese companies to “support, assist, and cooperate with state intelligence work.” This is a legal mandate that concerns U.S. lawmakers.
The biometric data collection is particularly alarming. In June 2021, immediately after paying $92 million to settle an Illinois lawsuit for collecting biometric data without consent, TikTok quietly updated its U.S. Privacy Policy to explicitly permit collecting “faceprints and voiceprints.” The catch: TikTok only seeks permission “where required by law.” Only five states have biometric privacy laws, meaning in 45 states, TikTok can collect this data without asking. As Carnegie Mellon privacy expert Alessandro Acquisti told TIME Magazine, biometric data represents permanent identifiers; unlike passwords, you can’t change your faceprint if it’s compromised. The potential uses range “from benign, such as secure access to the app, to chilling, such as mass re-identification and surveillance.”
Legal Action
Because of concerns like those outlined above, the US Government decided to step in and help work out a solution. What followed was years of legal battles, failed negotiations, and regulatory uncertainty spanning two administrations.
Congress finally took decisive action in April 2024, passing the Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACA), which gave ByteDance nine months to sell or face a nationwide ban. After the Supreme Court unanimously upheld the law in January 2025 and the app briefly went dark for U.S. users, President Trump (now in his second term) stepped in with multiple deadline extensions while brokering a deal. The resolution came in January 2026 when TikTok's U.S. operations were transferred to a new joint venture controlled by American investors including Oracle, Silver Lake, and Abu Dhabi's MGX, with ByteDance reduced to a minority stake below the 20% threshold required by law.
What the TikTok Deal Actually Means
So what actually changed? As of January 2026, American users' data now lives on Oracle's servers here in the U.S., not overseas. The algorithm, that secret sauce that decides which videos you see, is being retrained using only American user data, and Oracle is responsible for making sure TikTok follows all the national security rules. Content moderation (deciding what stays up and what gets taken down) is now handled by people in the U.S., and a new board with mostly American members is calling the shots.
But here's the catch: ByteDance didn't fully walk away. They still run the advertising, e-commerce, and marketing side of things for American users, which means your TikTok experience probably feels exactly the same as before. The algorithm retraining is also still a work in progress. It's not like someone flipped a switch and everything became "American" overnight.
How to Make TikTok (More) Secure
If your teenager uses TikTok, the settings you configure today can make the difference between a relatively safe experience and one that exposes them to strangers, predators, and data harvesting on a massive scale. The good news is that TikTok has built in some solid parental controls. The bad news is that most parents have no idea they exist.
The platform now defaults accounts for users under 18 to private, and users under 16 have direct messaging disabled entirely. But defaults only go so far. The following steps will help you lock down your teen's account, limit data collection, and set up Family Pairing so you can monitor their activity from your own device. Fair warning: TikTok updates its interface frequently, so if you cannot find an exact setting, use the search bar within Settings and privacy to locate it.
The Bottom Line
TikTok’s security concerns aren’t theoretical. They’re documented by security researchers, investigated by government agencies, and serious enough that federal law required divestment. The January 2026 sale creates a complex ownership structure that complies with the law, and should make the application more secure.
If TikTok remains part of your family’s digital life, treat it like any other calculated risk. Implement every security control available, have ongoing conversations about digital safety, and stay informed as the legal, technical, and geopolitical landscape continues to evolve.
The best defense against any platform’s security risks is an informed user who understands both the capabilities of the technology and the motivations of those who control it.
Disclaimer: TikTok is a registered trademark of ByteDance Ltd. This article is published for educational and informational purposes as part of cybersecurity awareness. All cited claims are attributed to their original sources. The views expressed are those of the author based on publicly available information and do not constitute legal advice.
Research Sources:
Internet 2.0 cybersecurity analysis (September 2022)
BuzzFeed News investigative reporting (June 2022)
National Intelligence Law of the People’s Republic of China (2017)
Microsoft Security Response Center advisories
Congressional legislation (H.R. 7521, H.R. 2617, Public Law 118-50)
Department of Defense memoranda
Executive Orders 13942 (2020) and enforcement pause orders (2025)
TikTok official privacy policy and settings documentation
Axios, CNN Business, NPR, CNBC reporting on TikTok sale (December 2025-January 2026)
Congressional statements from Rep. Moolenaar and Sen. Markey (December 2025-January 2026)
Last Updated: February 24, 2026






