TikTok has confirmed it will not implement end-to-end encryption for its messaging service as encryption would prevent law enforcement and its own safety teams from being able to investigate direct messages on the platform.
“Grooming and harassment risks are very real in DMs [direct messages] so TikTok now can credibly argue that it’s prioritizing ‘proactive safety’ over ‘privacy absolutism’ which is a pretty powerful soundbite,” the company said.
The platform described the decision as deliberate, framing it as a commitment to protecting users, particularly young people, from harm, and as a conscious choice to set itself apart from rival apps that have moved toward encrypted messaging.
The announcement is a significant one given TikTok’s history. The app has faced years of pressure over its relationship with ByteDance, its China-based parent company, and the risk that user data could flow back to Chinese authorities. Under China’s national cybersecurity regulations, companies are legally required to share data with the government on request.
That background makes TikTok’s decision to keep messages unencrypted particularly notable. If law enforcement can read TikTok DMs, so, at least in theory, can ByteDance, and by extension, Chinese state authorities. The app’s record on this front is not clean. In 2022, the Financial Times reported that ByteDance had used TikTok’s internal systems to track the movements of American journalists the company suspected of being in contact with employees who may have leaked commercially sensitive information.
TikTok data was cross-referenced with employee location tracking to identify the likely source of the leaks.
That episode did not involve reading private messages directly, but it demonstrated that TikTok’s infrastructure has already been weaponised by its parent company to monitor individuals without their knowledge. The possibility of that capability extending to unencrypted DMs is not theoretical.
It was precisely this risk that drove the US government’s push to force TikTok into American ownership, severing its operational ties with ByteDance and removing the legal pathway through which Beijing could demand access to user data.
TikTok’s stance does, however, align with a view held by many governments, particularly in the United Kingdom, where officials have spent years pressing Meta to abandon its plans for end-to-end encryption across its messaging platforms. The argument from law enforcement is consistent: encryption shields criminal activity, obstructs child abuse investigations, and makes it structurally impossible for platforms to detect and report harmful content in real time. Those concerns are not without merit. Child protection organizations have repeatedly warned that encryption could significantly hamper the identification of abuse material shared through private channels.
The difficulty is that TikTok’s reassurances about how its unencrypted messages will be used are only as credible as its relationship with its parent company is transparent, and that relationship has never been fully resolved. ByteDance’s Chinese ownership structure, and the legal obligations that come with it, mean that a policy of accessible messages represents a very different risk profile than the same policy at a Western-owned platform.
Keeping DMs visible to safety teams in Dublin or London is a different proposition from keeping them visible in a system that Beijing has a legal right to access. TikTok’s framing conflates the two, and that conflation is precisely what its critics are unlikely to let pass quietly. Moreover, China-owned companies are required by that country’s cybersecurity regulations to share data with its government on request.
TikTok disclosed this new policy while talking with the BBC at its London office.
