What’s your take on TikTok and privacy concerns?

[danielmartinhq 0]

I keep running into debates about TikTok. Some people see it as just another social platform like YouTube or Instagram, while others think it collects way more data than it should and poses bigger risks.

What’s interesting is that lately, apps like TikTok 18 are also showing up in discussions about privacy and data handling. It’s basically a modified version of TikTok that gives access to more adult or restricted content, but it doesn’t come from official sources — which makes it even harder to verify what kind of data it collects or where it sends it.

So I’m wondering if the real risk isn’t just from TikTok itself, but also from these unofficial versions floating around. Do you think TikTok (and apps like TikTok 18) are genuine privacy threats, or are they being exaggerated compared to other big platforms? And how do you see their overall impact on internet culture and security awareness?

Edited ... by danielmartinhq

[Tech Jedi Alex 1524]

Reminds me of that one time I had a modified version of WhatsApp running, WhatsApp Plus or WhatsApp+ it was called. The dev was one Dr. Mounib Al Rifai who stopped development upon receiving a Cease and Desist letter from the originals. It was possible to hide one's online status with that version (or monitor the online status of your contacts), send files bigger than the size limit, completely change colors, backgrounds and even some aspects of the UI layout, it introduced an image and GIF search feature to use as profile and group avatars and in messages, allowed opening a conversation with numbers you don't have in your contacts and so, so much more. It was wild. It directly appealed to Android power users back then who modded the hell out of their phones with all the custom ROMs available at the time and all the wild features they introduced, also YouTube Vanced, WhatsApp+, of course, and the advent of Telegram introducing ingenious new things to instant messaging, copied by later messengers. Those were some mighty good times for Android power users. I know I enjoyed the heck out of it.

Even in that time, people always asked "who are the people behind those apps, can we trust them not to put malware in their work and by extension on our phones". The risk of installing the wrong thing is always there, even with modified clients for TikTok; after all, for someone excited it might not be clear that the original can only be found on specialized forums, not on fancy websites SEO'd to the death to be on the first result page.
In the past, if an app or tool was introduced on the XDA Forums or 4PDA and got some good feedback, it could generally be considered safe (as in, it's probably not malware; privacy is not a modder's concern). Personally, I generally followed the rule: "Original modding projects rarely have a dedicated website, much less a fancy one", because every damn project worth its salt only ever communicated via forums or some code repository. All the modding apps I know published on XDA (like XPosed Framework, SuperSU, Magisk) or GitHub (like Shizuku, Shamiko) for a very simple reason: To not have hosting expenses, and to be seen by likeminded individuals, not search engines. XPosed and TWRP are one of those rares who have or had a rather simple website.

Comparing my experience to the presentation of protiktok18.com, my verdict is a tendency to avoid it. Especially if the website for some reason crows about how important trust & safety is to them, and that the download is "fully scanned to ensure your protection" and "safe", the latter appearing 9 times on the front page. You're not appealing to modders like that; It's like, people who know what they're doing are not even the target audience with this one…

[Kartik Sharma 1]

On 10/9/2025 at 2:29 AM, Tech Jedi Alex said:

Reminds me of that one time I had a modified version of WhatsApp running, WhatsApp Plus or WhatsApp+ it was called. The dev was one Dr. Mounib Al Rifai who stopped development upon receiving a Cease and Desist letter from the originals. It was possible to hide one's online status with that version (or monitor the online status of your contacts), send files bigger than the size limit, completely change colors, backgrounds and even some aspects of the UI layout, it introduced an image and GIF search feature to use as profile and group avatars and in messages, allowed opening a conversation with numbers you don't have in your contacts and so, so much more. It was wild. It directly appealed to Android power users back then who modded the hell out of their phones with all the custom ROMs available at the time and all the wild features they introduced, also YouTube Vanced, WhatsApp+, of course, and the advent of Telegram introducing ingenious new things to instant messaging, copied by later messengers. Those were some mighty good times for Android power users. I know I enjoyed the heck out of it.

Even in that time, people always asked "who are the people behind those apps, can we trust them not to put malware in their work and by extension on our phones". The risk of installing the wrong thing is always there, even with modified clients for TikTok; after all, for someone excited it might not be clear that the original can only be found on specialized forums, not on fancy websites SEO'd to the death to be on the first result page.
In the past, if an app or tool was introduced on the XDA Forums or 4PDA and got some good feedback, it could generally be considered safe (as in, it's probably not malware; privacy is not a modder's concern). Personally, I generally followed the rule: "Original modding projects rarely have a dedicated website, much less a fancy one", because every damn project worth its salt only ever communicated via forums or some code repository. All the modding apps I know published on XDA (like XPosed Framework, SuperSU, Magisk) or GitHub (like Shizuku, Shamiko) for a very simple reason: To not have hosting expenses, and to be seen by likeminded individuals, not search engines. XPosed and TWRP are one of those rares who have or had a rather simple website.

Comparing my experience to the presentation of protiktok18.com, my verdict is a tendency to avoid it. Especially if the website for some reason crows about how important trust & safety is to them, and that the download is "fully scanned to ensure your protection" and "safe", the latter appearing 9 times on the front page. You're not appealing to modders like that; It's like, people who know what they're doing are not even the target audience with this one…

That’s a really solid breakdown, and it honestly explains why people get tripped up with TikTok mods and similar apps. Back in the XDA and GitHub days, trust came from the community, not from some shiny website repeating “safe” fifteen times. What you said about real modders avoiding those polished download pages is spot on.

I was chatting with someone at SEO Discovery about this kind of thing recently, and they mentioned how those overly SEO-optimized sites tend to target people who don’t know the difference between a genuine project and a sketchy clone. Your experience pretty much lines up with that.

[Stalinium 55]

Never used Tiktok and never will. It's Facebook/Instagram dialed to 100. Did you know that every Tiktok share link is uniquely tied to the user? It explains why these links expire after some time like 1-2 months and then just open up a random video. If privacy wasn't bad enough, I refuse to open myself up to brain rot. That's all I wish to say about Tiktok.

I think Open Sourcerer brought up good points. And the tiktok18 website he mentioned... why does it have AI generated images instead of screenshots? 🪿 why? 🪿 The permission explainer at the bottom looks like a red flag on its own.

I have a real example too. Youtube Vanced is a great community project. Yet someone else made a high ranking SEO-copycat website of unknown origin and ownership. Oh and don't be misled by Github pages that appear personal. I've seen enough malware pages posing as Github repositories - I wasnt going to confirm, I trust my instinct when something looks fishy. The kind where there's only a readme page, no code, yet an .exe under Releases.

Overall I am way more distrustful of smartphone apps than I ever was of Windows shareware... despite the sandbox capabilities of Android. If I had to categorize the threats:

1. Computer: old school trojans, that only messed up your system or trolled you, are all but gone. Instead you'll either catch an infostealer (to exfiltrate browser cookies and passwords that can be sold on the black market for further phishing and scams) or a cryptolocker (ransomware)
2. Phone: telemetry to refine your ad profile and connect the dots in the sea of Big Data
3. Phone: hijacked ads (an app mod overwrites the ad network account to receive money themselves while you use this app)
4. Phone: full screen ads from an app that hides itself from the user. I have had to uninstall one of those not too long ago and it came from the Play Store
5. Phone: access to calls/SMS for further phishing
6. Phone: (rare) malware with exploits to escape the sandbox and then likely to target banking applications or whatever
7. Server: untargeted attacks want to implant a cryptominer or use your server for DDoS

Arguably the landscape is more hostile than it was many years ago. More people on the internet, more internet services, especially financial, are all reasons for increased criminal activity. We will not have our peace of mind until the desktop operating systems turn their APIs upside down and start sandboxing programs by default. Only then will any occasional malware damage be localized. What does Microsoft care about instead? Reinforcing their Windows kernel to exert more control. All while any user-run program can encrypt everything that the user has access to and cares about: their data and photos. Ahhhhhh rant over 

[fishbasketballaries 19]

Worth noting that this thread was likely opened by the operator of this "TikTok 18+" website. The email address (danielmartinhq @ gmail.com)  on the About Us page shares the same name as the OP. The whole website looks incredibly shady. The app download serves a 135.4 KiB APK file. For comparison, the official TikTok app is 456.9 MiB. No thanks!