The UK has announced a ban on TikTok on government phones, becoming the latest country to have banned the Chinese-owned video app over raised security concerns.
The microscope has been on TikTok in recent months and has come under increased scrutiny due to fear is that user data from the app owned by Beijing-based company ByteDance could end up in the hands of the Chinese government.
The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to as well to prevent location data harvesting.
In recent months, many countries have brought in law to ban TikTok from government-owned devices including the US, Canada and the European Commission.
When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…
Javvad Malik, lead security awareness advocate at KnowBe4:
It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties.
Tom Davison, Senior Director Engineering International at Lookout:
“The National Cyber Security Centre publishes advice on drafting and implementing ‘Bring Your Own Device’ and ‘Acceptable Use’ policies so why they don’t have any for Government staff is unclear. Most Social Media platforms gather vast amounts of data that users would rather they didn’t, but personal choice allows individuals to trade their privacy for functionality. They really shouldn’t be allowed to apply the same approach whilst they are engaged in Government business at any level. We’re clearly jumping on the Bad-TikTok bandwagon here but a more useful exercise would be to review and restrict Social Media access across the estate.”
Chris Handscomb, EMEA Solutions Engineer at Centripetal:
Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger.However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail.It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.
