The app collects and transfers data even if deleted, a new report says.
A ban on TikTok in the United States or a sale of the app by its Chinese owner, ByteDance, will not resolve national security concerns or fears TikTok could be used to siphon Americans' data, according to a new cybersecurity report obtained by ABC News.
The report, from the cybersecurity company Feroot, said the app still has your data even if you've never used TikTok. And it's collecting and transferring that data whether or not the app is deleted, according to the report.
"TikTok can be present on a website in pretty much any sector in the form of TikTok pixels/trackers," the report said. "In many cases, the pixels/trackers immediately start executing and have little to nothing to do with the immediate business of the website owner."
Webpages associated with everything from airlines and e-commerce sites to technology companies and state and federal governments are riddled with TikTok's trackers called pixels, which are part of the code that loads into your browser from various websites, according to Feroot. They immediately link to data harvesting platforms that pick off usernames and passwords, credit card and banking information and details about users' personal health.
MORE: Biden administration demands TikTok's Chinese owners spin off their share or face US ban
Sites that require logins and authentications may think they're adding a layer of security, but TikTok's pixels just collect those names, passwords and authentication codes along with other data, according to Feroot.
The pixels transfer the data to locations around the globe, including China and Russia, often before users have a chance to accept cookies or otherwise grant consent, the Feroot report said.
TikTok is not the only company that uses its pixels throughout the internet. The report found Google, Meta and Microsoft, among others, use these trackers.
MORE: House panel votes to advance bill empowering Biden to ban TikTok
The company told ABC News on Thursday that since June, all new U.S. user data has been routed to the Oracle cloud, and since October, access to that secure environment has been limited to employees of TikTok U.S. Data Security; Today, those employees manage all access to U.S. user data.
A TikTok spokesperson told ABC News this week amid the Biden administration's call for ByteDance to divest from the app, "The best way to address concerns about national security is with the transparent, U.S.-based protection of U.S. user data and systems, with robust third-party monitoring, vetting and verification, which we are already implementing."
TikTok said it will continue to move forward with a plan called "Project Texas" to safeguard U.S. user data as it evaluates the administration's position.
ABC News' Elizabeth Schulze contributed to this report.