TikTok users are being urged to delete the app immediately after someone reverse-engineered the platform and found it's allegedly stealing users' personal data.
The blockbuster Chinese app, popular among teens for uploading and sharing short videos, is nothing more than "a data collection service that is thinly-veiled as a social network", the male Reddit user who reverse-engineered the app wrote in a lengthy post.
"If there is an API (Application Programming Interface) to get information on you, your contacts, or your device ... well, they're using it."
The app reportedly tracks users' phone hardware – meaning their CPU type, hardware IDs, memory usage and disk space – as well as the other apps users have installed.
He wrote that the "scariest part" was that "much of the logging they're doing is remotely configurable, unless you reverse every single one of their native libraries and manually inspect every single obfuscated function".
TikTok's developers allegedly "have several different protections in place to prevent you from reversing or debugging the app as well".
"App behaviour changes slightly if they know you're trying to figure out what they're doing," he wrote.
"They provide users with a taste of 'virality' to entice them to stay on the platform. Your first TikTok post will likely garner quite a bit of likes, regardless of how good it is ... assuming you get past the initial moderation queue if that's still a thing. Most users end up chasing the dragon."
He also pointed to "creepy old men" having direct access to children on the app.
"I've personally seen (and reported) some really suspect stuff," he wrote.
"40-50-year-old men getting 8-10-year-old girls to do 'duets' with them with sexually suggestive songs. Those videos are posted publicly. TikTok has direct message functionality."
TikTok chief information security officer Roland Cloutier said the company was taking the claims seriously but that not all of them were accurate.
"In recent weeks there have been a number of claims made on the Internet about TikTok's security practices, including some claims that were made anonymously. We take these claims seriously and are in the process of conducting a full review and have determined that many of them are inaccurate or reflect analysis or older versions of the app that in some cases are years out of date."
Cloutier said the company's information security team runs a continuous process to check for security vulnerabilities and fix them.
"We include world-class security firms in these assessments."
"TikTok is committed to respecting the privacy of our users and being transparent with our community and security experts about how our app works. We are constantly striving to stay ahead of evolving security challenges, and we encourage our users to use the latest version of TikTok so that they can enjoy the best experience possible."
The claims come after authorities in India – the top international market for TikTok – banned a slew of Chinese apps, including the platform, amid growing tensions between the giant neighbours.
Authorities accused the 59 banned apps, which also include Helo and Likee, of activities "prejudicial" to the "sovereignty and integrity of India".
"Deep penetration of Chinese platforms in an open democracy like India makes its future election processes vulnerable to outside interference and manipulation," one senior New Delhi-based digital industry analyst told AFP.
The ban was applauded by US Secretary of State Mike Pompeo earlier this week.
"We welcome India's ban on certain mobile apps that can serve as appendages of the CCP surveillance state," Mr Pompeo said, referring to the Chinese Communist Party.
"India's clean app approach will boost India's sovereignty and will also boost India's integrity and national security, as the Indian government cell itself has stated."