The social media app TikTok has been banned on UK Government electronic devices, the Cabinet Office announced yesterday.
Chancellor of the Duchy of Lancaster Oliver Dowden said: “The security of sensitive government information must come first, so today we are banning this app on government devices. The use of other data-extracting apps will be kept under review. Restricting the use of TikTok on Government devices is a prudent and proportionate step following advice from our cyber security experts.”
In more detail, the ban on government devices applies to government corporate devices within all government departments. This ban does not extend to personal devices for government employees, ministers or the general public. Individuals should be aware of each social media platform’s data policies when considering downloading and using them, the Cabinet Office said.
Exemptions will be granted by security on a case-by-case basis, with ministerial clearance as appropriate; such as for those working in enforcement roles, or for the purposes of work on online harms.
Among the Britons with accounts on the wildly popular TikTok site for sharing of short videos are the footballer Harry Kane, singers Sir Elton John and Ed Sheeran, and chefs Jamie Oliver and Gordon Ramsay.
For what TikTok has to say about its data collection practices see its blog.
Comments
Faki Saadi, Director of Sales UK and Ireland at the platform SOTI said: “Any app that harvests the data you put into it should be treated with caution. Especially for people trusted with sensitive company information. TikTok being banned from UK Government devices should act as a wake-up call to other organisations – do you have full visibility over the apps your employees have on their corporate devices? If not, perhaps now is the time to take stock. And it doesn’t need to be a heavy lift – there are solutions available that can do this for you, and wipe any unwanted apps in an instant.”
Robert Huber, Chief Security Officer at NASDAQ-listed cyber security platform Tenable, said: “There is a lot of debate in various countries about whether to ban TikTok, but the truth is that if we’re focusing on individual applications to improve security, we’re missing the forest for the trees. There are hundreds of software applications used in government agencies every day that introduce risk, and unpatched known vulnerabilities are the most likely source of data breaches. The key is for security leaders to understand their organisation’s unique risk profile, discover where vulnerabilities exist and prioritise remediation efforts to root out those that could be the most harmful first.”
And Nadir Izrael, co-founder at CTO of Armis Security, said: “As more and more attention turns to Chinese made devices, software and social media applications like TikTok, organisations – especially in government and critical services – will need to be able to quickly identify the assets that could potentially pose a threat to their businesses. In fact, recent research Armis conducted shows that 60 per cent of IT decision makers thought Chinese manufactured devices posed a risk to their organisations. Being able to map and track these assets accurately and quickly will have to become a key facet to cybersecurity strategies if these mandates are to succeed.”
US use
In the United States, an estimated 100 million use this app. Whether President Joe Biden will act on its use in the US appears to rest on the Committee on Foreign Investment in the United States (CFIUS) long-running review into ByteDance, the Chinese parent company of TikTok. White House Press Secretary Karine Jean-Pierre was yesterday stonewalling on the subject and pointing to CFIUS. President Biden has said before that he does not have TikTok on his phone.
Will LaSala, Field CTO, Americas said: “As a security person, TikTok being allowed to collect any and all data from a device is dangerous. There is talk about how a rogue nation could collect this information, monitor the movements of a population, and then use that to plan targets. This is real and is already happening — it’s how brick-and-mortar stores know you’re nearby and start notifying you of deals they are having. However, banning is always a band-aid and never a solution. Education is part of the solution, but really application providers and operating system manufacturers need to address some of the concerns.
“Apps can already self-protect from leaking information and allowing other apps access to their data. The problem is that many of these app providers are not using this technology and are actively avoiding it because it might hurt the user experience. This allows these bad actors and bad apps to glean even more information. Many app providers are relying on operating system manufacturers to secure their apps, but the operating system is never going to be completely secure due to the many different demands being put on its development. (That is not to say that the operating systems shouldn’t be addressing these problems.) Instead, app developers should be made aware of the security tools available, security tool vendors need to make sure they aren’t causing negative user experiences, and OS manufacturers need to implement controls that can be used to help mitigate the risks. Users should be able to quickly see what data is being collected, when it is being collected and for what purpose and should be able to shut off the stream of a specific type of data in real time at any time.”
