The US Senate has passed legislation to ban federal employees from using TikTok on state-owned devices. Is ByteDance, the Chinese operator of TikTok, a danger? Could it also be one for European or German officials and government employees?
The vote is the latest action by US lawmakers to crack down on the Chinese company ByteDance amid national security agencies' fears that Beijing could misuse the TikTok app installed on officials' mobile devices to spy on Americans. A comment from Akhilesh Dhawan, Senior Director of Security Solutions at Lookout.
Does TikTok want to spy too?
“The recent spate of state agencies banning TikTok on state-owned devices is a step in the right direction from a security perspective and a sign that these agencies are recognizing the potential threat posed by foreign governments accessing data through potentially dangerous apps received from government employees. However, this move alone does not completely eliminate the threat posed by the social media giant.
With the rise of telecommuting and the use of BYOD (Bring Your Own Device), government officials who have TikTok installed on their personal devices — which are also used to access sensitive government data and information — could unknowingly expose their employers to threats.”
Suspicion of subtle indoctrination techniques
“Apart from the security of personal data, there is a greater concern about covert and subtle indoctrination techniques through the use of TikTok's algorithms. This is important to note as we have seen the success of the divisive nature of nation-state threat actors who have launched disinformation campaigns targeting presidential campaigns, various state electoral boards and voter registration systems, and individual political figures.
As we have seen, TikTok can secretly collect user device data, e.g. when, where and how the users carry out Internet activities. Geolocation alone can pose a national security concern, as we saw when US soldiers mistakenly posted their runs at a hidden US base on a popular training app. That's why the Navy and other military organizations banned TikTok, and now the states are following suit.”
TikTok secretly collected user data
“The biggest challenge with this problem is creating a policy that blocks corporate access from any device that has TikTok installed. TikTok is thought to use hundreds of different Content Delivery Networks (CDNs), which could make control more difficult, so an approach like DNS filtering wouldn't work here. App identification and blocking can be controlled using Mobile Device Management (MDM) software.
TikTok has been banned from use by foreign states and US companies for years, and US federal agencies have long used Unified Endpoint Management (UEM) to block this app. Hopefully, the early momentum in banning the app by government agencies indicates a larger trend, and more importantly, these agencies are evolving their approach to mobile and cloud security to accommodate the needs of the modern and mobile workforce and their IT usage.”
Unified Endpoint Management (UEM) for app management
“Some government agencies are now using Lookout Mobile Endpoint Security, which can block TikTok by adding the app to a block list when the app is detected on a device. A government agency could then block access to their domains, single sign-on (SSO), and enterprise applications and data until TikTok is removed from the user.”
About Lookout
Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.