TikTok has decided not to introduce end-to-end encryption (E2EE) for its direct messages, saying the move could put users, particularly young people, at greater risk.
The social media platform said its choice is deliberate, setting it apart from competitors who have made E2EE standard to protect user privacy.
End-to-end encryption ensures that only the sender and recipient can see the contents of a message, a feature widely used by apps like WhatsApp, Signal, and Apple’s iMessage.
Proponents argue it is the most secure way to protect conversations from hackers, companies, and even governments.
However, critics point out that E2EE can make it harder to stop harmful content, including abuse and illegal material, because neither tech companies nor law enforcement can access messages.
TikTok, which separated its US operations from the global business earlier this year, maintains that its messages are still protected by standard encryption.
Only authorised employees can view messages, and only under certain conditions, such as in response to a verified law enforcement request or a report about harmful behaviour.
The platform, owned by Chinese tech giant ByteDance but headquartered in Los Angeles and Singapore, said its approach is intended to keep users safe while allowing support teams to act if needed.
Social media analyst Matt Navarra described TikTok’s decision as smart but noted potential concerns.
“Grooming and harassment risks are very real in DMs so TikTok now can credibly argue that it's prioritising 'proactive safety' over 'privacy absolutism' which is a pretty powerful soundbite,” he told the BBC. He added that it could also make some users wary due to the platform’s ownership.
Child protection groups in the UK have welcomed the move. The NSPCC highlighted the risks of E2EE for children, saying it can prevent the detection of sexual abuse and exploitation.
“We know just how risky end-to-end-encrypted platforms can be for children, preventing the detection of child sexual abuse and exploitation and contributing to a worrying global decline in reports,” said Rani Govender, associate head of policy for child online safety. The Internet Watch Foundation also praised TikTok, saying its choice sets an important precedent.
Cybersecurity experts have suggested that TikTok’s decision may also be a way to maintain cooperation with law enforcement and regulators, ensuring the platform can continue to protect its millions of young users.
Currently, E2EE is default on apps like WhatsApp, Signal, and iMessage, while Instagram is gradually rolling it out for direct messages. Other platforms, like Telegram, offer it as an option, and Snapchat and Discord are expanding E2EE for media and calls. TikTok, by contrast, relies on standard encryption with controlled employee access, highlighting its focus on safety over privacy absolutism.
