Strip away the safety-first framing and TikTok's announcement this week is striking in its bluntness: the platform has told the BBC it will not introduce end-to-end encryption (E2EE) for direct messages, a feature now standard on virtually every competing platform. The decision was confirmed at a security briefing at TikTok's London office.
E2EE means only the sender and recipient of a direct message can view its contents, making it the most secure form of communication available to the general public. TikTok said implementing the technology would prevent its safety teams or law enforcement from being able to read messages if needed. It described the stance as a deliberate decision to set itself apart from rivals.
E2EE is already the default on Signal, WhatsApp, Facebook DMs and Messenger, Apple's iMessage, and Google Messages. TikTok is now the most notable holdout among major platforms. The company says messages are still protected by standard encryption, and only authorised employees can look at direct messages, and only in certain situations, such as in response to a valid law enforcement request or a user report about harmful behaviour.
The China question won't go away
The announcement lands awkwardly given TikTok's ownership structure. The social video platform is headquartered in Los Angeles and Singapore, but owned by Chinese tech giant ByteDance. Alan Woodward, a cybersecurity professor at Surrey University, told the BBC that "Chinese influence might be behind the decision", noting the geopolitical tension surrounding the app's data practices. The technology is not typically implemented in China, where ByteDance is located, though TikTok did not say whether its parent company had an influence on its decision.
Collecting private chats in a readable format theoretically allows TikTok to share them with the Chinese government, and it also, as one cybersecurity researcher noted, "draws a big target on TikTok's back for hackers who might want to get a hold of all that easily readable data."
For Australian users, this context is not abstract. A TikTok executive admitted in 2022 that Australian user data could be accessed in China, and China's national intelligence law obliges citizens and organisations to support, assist and cooperate with national intelligence efforts, which likely includes ByteDance. The Australian government has already banned TikTok from government devices, citing what it described as significant security and privacy risks.
Child safety groups offer a different read
To dismiss TikTok's stated rationale entirely would be unfair. The safety argument carries genuine weight, particularly given the platform's enormous young user base. Critics of E2EE have said the technology makes it harder to stop harmful content spreading online, because it means tech firms and law enforcement have no way of viewing material sent in direct messages.
UK child protection charity the NSPCC welcomed TikTok's decision, citing the platform's popularity with young people. "We know just how risky end-to-end-encrypted platforms can be for children, preventing the detection of child sexual abuse and exploitation and contributing to a worrying global decline in reports," said Rani Govender, its associate head of policy for child online safety. The Internet Watch Foundation, which monitors and removes child sexual abuse material from the internet, also applauded the decision, with its chief technology officer calling it an important precedent at a time when platforms appear to be rushing to implement E2EE without fully considering the implications.
Combustible optics in the Australian context
Social media industry analyst Matt Navarra described TikTok's decision to "swim against the tide" as savvy, but said it comes with "pretty combustible optics". Navarra said the move "puts TikTok out of step with global privacy expectations" and might reinforce wariness about its ownership.
The timing is particularly pointed in Australia. As of 10 December 2025, Australians under 16 can no longer access their TikTok accounts or create a new account, in response to the Australian government's social media age restrictions. Under Australian law, TikTok and other covered platforms face fines of up to $49.5 million if they fail to take reasonable steps to remove the accounts of Australian children younger than 16. The eSafety Commissioner continues to monitor compliance closely.
The tension here is real. Those who care about protecting children online have legitimate reasons to support TikTok's position. Those who care about digital privacy and sovereignty, including Australians who want their private messages to remain genuinely private, have equally legitimate reasons to be troubled by it. What's clear is that TikTok's refusal to encrypt DMs is not a simple safety call; it is a policy choice freighted with geopolitical implications. The Office of the Australian Information Commissioner and policymakers should watch it closely.