Tiktok And Facebook Security Threats Posed Through Their Policies


Tiktok and other social media policies are a powerful tool that is used to help protect both platform users and the organization from social media risks.

However, The policies help to educate Users on the organization’s standards and policies specifically in communicating across social media channels. Simply put, it helps protect Both users and the organization.

How then are these policies posing a threat to their user community?

This guide analyzed some unknown threats that social media platforms like TikTok and Facebook Pose.

TikTok Privacy Loopholes You Should Know

Recently, TikTok freely admits – in the privacy policy on its website – that it accumulates information shared from third-party social network providers and technical and behavioral information (what videos you think are funny, how often you watch) about your use of the Platform.

Furthermore, it says, We also collect information contained in the messages you send through our Platform and data from your phone book.

Lack Of Transparency In Policies

The data collected by TikTok is similar to what’s gathered by Facebook. security researcher Patrick Jackson, the chief technology officer of the security app Disconnect, says TikTok does more ill things with its collected data simply because its rise is incomparable with others.

Moreover, He added, The sheer volume of what’s collected can’t be compared.

Karen North, a professor of social media at the University of Southern California advised her two teenage kids they could have any app on their phones, with one exception TikTok

Her reason was That their data is being mined, and the company doesn’t have to adhere to privacy laws.

However, if you want to create a video and share it, or comment on someone’s video, then you must pull over your personal information, starting with age, phone number, and e-mail address.

Tiktok Lack of Transparency has violated the privacy laws of its users, thereby, exposing their user’s data to cyber exploitation.

Risk Of Personal Location Security Monitored

TikTok spokesperson Maureen Shanahan personally acknowledged that TikTok collects estimated location information based on users’ IP addresses among other things, it helps show suitable content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior.

However, TikTok is reportedly close to signing a contract with the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS), which assesses the national security risks posed by firms of foreign ownership.

When questioned about data usage, TikTok did not respond to questions about whether it has ever served different content or experiences to government officials, regulators, activists, or journalists than the general public in the TikTok app.

Term Of Service Policy Loophole

TikTok says We may also associate you with information collected from devices other than those you use to log in to the platform. Meaning, they can use other computers that you’re not even using to log into TikTok and they can pull the data off that.

Moreover, from their privacy policy TikTok says, We collect certain information about the device you use to access the platform, such as your IP address, user region, mobile carrier, time zone, the model of your device,  your screen resolution, and operating system, app and file names and types.

In another word, it means all the apps and all your file names, all the things you’ve filed away on your phone, they have access to that. A clear indication they know everything about their users.

Facebook Security Threats Found In Their Policies And Operations 

Facebook reportedly tracked the location of journalists reporting on their apps. A 2015 investigation by the Electronic Privacy Information Center found that Facebook had monitored the location of journalists covering the company.

A timeline of events since then shows a bevy of Facebook security and data privacy issues. In February 2018, Facebook was found guilty in German and Belgian courts of violating privacy laws.

Furthermore, Later in the same month, Facebook claimed a bug led to engagement notifications being texted to users based on the phone number submitted for Facebook’s two-factor authentication (2FA).

The social media giant later admitted it did, in fact, harvest 2FA numbers for advertising purposes.

Exploitable Gained Access( Internal and External)

in September that attacker exploited a susceptibility and obtained access tokens for what was first thought to be as many as 50 million accounts.

Two weeks later, in October, Facebook updated its findings to clarify that the number of users affected was approximately 30 million accounts, and the attackers gained access to data that included contact details, locations, birthdates, and probe histories. The infringement was suspected to be the work of spammers and not nation-state actors.

Here goes the question, are your data safe?

A security researcher noticed Facebook was asking users to submit email passwords and if a user entered the password, Facebook would admit the user’s contact list without asking permission to do so. Eventually, Facebook collected contact lists from 1.5 million users.

However, The firm argued that the contact data was unintentionally uploaded to Facebook, but security specialists widely chastised the company for asking for email passwords in the first place.

Data Acquisition Without Permission 

Facebook was accused of designing its Android app permissions in a way that obfuscated the fact that the app was gathering user call logs and SMS data from users in 2021 and earlier.

Internal Facebook email messages also described whitelisting agreements between Facebook and other companies giving access to certain user data and Facebook carrying out data reciprocity agreements with developers.

In 2019, 2019, Facebook was caught in January exploiting a loophole in Apple’s iOS policies and distributing a research app using an enterprise certificate.

Moreover, With this type of certificate, the app was able to gain root admission to a user’s device and gather information, especially as constant location tracking and messages and media from third-party apps.

Facebook argued that all of the users who installed the app did so voluntarily and downplayed the number of parties using the app who were teenagers.

Arguably, both TikTok and Facebook have done more harm collectively than good. In recent times, both social platforms have been called to questionable activities with the use of data collected and divulged.

Reflecting their lack of users’ privacy considerations and data protection.