The UK has announced a ban on TikTok on government phones, becoming the latest country to have banned the Chinese-owned video app over raised security concerns.
The microscope has been on TikTok in recent months and has come under increased scrutiny due to fear is that user data from the app owned by Beijing-based company ByteDance could end up in the hands of the Chinese government.
The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to as well to prevent location data harvesting.
In recent months, many countries have brought in law to ban TikTok from government-owned devices including the US, Canada and the European Commission.
When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…
Javvad Malik, lead security awareness advocate at KnowBe4:
It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties.
Tom Davison, Senior Director Engineering International at Lookout:
If this ban goes ahead it will follow similar decrees already issued by the European Commission and the US government. The concern here is the level of access to data which TikTok affords its parent company ByteDance, which is a Chinese company headquartered in Beijing. Governments and businesses are increasingly concerned by the volume of data which 3rd parties and foreign states might be collecting.
Mobile apps in particular are a real source of risk given the the amount and type of data they are able to collect on their users. Upwards of 60% of internet traffic now originates from mobile devices making them the prime target for data collection and surveillance. Increasingly users mix personal and work apps on the same device, drastically increasing the risks for governments and business who are tasked with controlling data sovereignty, privacy and protection. All mobile apps will be sending data somewhere and it is essential that this is understood and considered. For example, Lookout tracks over 9 million other apps that have the capability to send data to China. While they may not necessarily be malicious there is a fundamental issue of lack of awareness which is only just beginning to be acknowledged.
“The National Cyber Security Centre publishes advice on drafting and implementing ‘Bring Your Own Device’ and ‘Acceptable Use’ policies so why they don’t have any for Government staff is unclear. Most Social Media platforms gather vast amounts of data that users would rather they didn’t, but personal choice allows individuals to trade their privacy for functionality. They really shouldn’t be allowed to apply the same approach whilst they are engaged in Government business at any level. We’re clearly jumping on the Bad-TikTok bandwagon here but a more useful exercise would be to review and restrict Social Media access across the estate.”