I'm on the fence with this one. Yes, user data is a lot more valuable than anyone (other than the people in the data brokerage business) realizes. I don't have the app installed, but all recent versions of Android (and probably iOS) don't just hand apps the ability to get location data. In Android, if you pick anything more permissive than "only when the app is running" you have to tap though a couple of warning panels. But that doesn't mean TT hasn't figured a way around that. As I remember, they got caught tracking some reporters as they were trying to find a leak in their own company, so "we don't do that" isn't particularly believeable.
As Byte Dance is China based the Chinese Communist Party can just requisition whatever user data they have - and I think they might be under pressure from the CCP to not give up control of their company, just given their reluctance to find a buyer. And the CCP does seem to be very motivated to get as much on the US as they can, just given what the FBI has dubbed 'Salt Typhoon" (if that sounds unfamiliar, google it for the full unsettling story*).
None of this is to say either Facebook / Instagram, Ex-Twitter, Lnkedin, etc. are any more respectful of user data, but they're not obligated to hand that data over to the CCP. I wish we in the US had user data protections similar to those in the EU. I try to use EU servers whenever there's a choice - but that's me.
*The FBI - the agency that has been slowing the availability of encrypted comms for anyone in the US - is actually *recommending* that we all get Signal accounts (end-to-end encrypted voice and text). A major turnaround that says just how bad it is.