Mobile devices now make up about 60% of the endpoints on a company network. This shines a new light on the need for mobile security to be a top priority.
With the bulk of workloads moved to mobile devices, organizations in the Chesapeake area need to evolve how they think about IT Security. This means looking at things like the types of apps that share space with company data on a device used for work.
An app that has been in the news lately as a potential security threat is TikTok. This video-driven social media app gained millions of users during the pandemic. This led to new scrutiny.
The app is currently banned by branches of the U.S. Military, the country of India, and Wells Fargo Bank. A country-wide U.S. ban is also on the horizon.
The controversy stems around two factors:
- The app collects a lot of personal data from users, including location data
- The company that owns the app resides in China, thus the app could be used for spying by the Chinese government
Should your company worry about TikTok installation on work devices?
We’ll go through what you need to know about the app next.
What You Should You Know About TikTok
Beijing based company, ByteDance, created TikTok. It was first launched under the name Douyin in the Chinese market in 2016 and still goes by that name in China. ByteDance launched the app under the name TikTok in other countries in 2017.
Here are some facts about the app, the data it collects, and data sharing. This information should help with an informed decision about this social media app. Including if it should reside on company devices.
TikTok Data Storage is Outside the U.S.
In efforts to keep TikTok outside the strong censorship of the Chinese government, Byte Dance took an important step. It chose to store user data outside of China on servers in Singapore and here in Virginia.
The company states this is a safeguard against the Chinese government getting data.
But ByteDance is still located in China. This leads many to speculate that it wouldn’t matter where the data storage is. ByteDance still falls under Chinese law, and thus could receive an order to turn data over.
TikTok Collects Some Concerning Device Data
The TikTok app collects all the typical data you would expect on a social media platform. This includes user information and the content of your posts and any direct messages. It also includes details from people in your contacts if you give it permission.
But it also automatically collects some device data. Data that should concern companies that have employees using the app.
This includes:
- Keystroke patterns (you could interpret this to be logging each keystroke you make)
- The names of other apps on the device
- The names and types of files on the device
- GPS location data (if enabled)
What if a device has sensitive files identified by name (like: “U.S. Navy Bid Document”)? Having the app on that device could pose a potential security risk. This makes the collection of file names and types concerning.
A Government Request Could Mean Data Sharing
There are many parties that TikTok shares data with. These include vendors, partners, advertisers, and others in the corporate group. The firm also notes that it would share data based upon legal reasons.
The Chinese government could potentially obtain TikTok user data. It states in TikTok’s policy that it may disclose data to respond to “government inquiries.”
There Are Few User Protections from Data Collection
Users do have a few ways to control the data sharing through the app. This includes not giving permission to access a mobile device’s contacts. Users can also turn off GPS location data.
Users can also opt out of certain advertising tracking. They can be careful about the data they share over the platform, including in direct messages.
But there is no mention of being able to keep the app from collecting some of the most worrisome device data. This includes keystroke patterns and the names of files and apps on a device.
How to Gauge the Safety of a Mobile App
One way that organizations can control data leakage from work mobile devices is by using a CASB.
A cloud app security broker can grade applications based upon multiple risk factors. It will provide compliance and security information. It can prevent sharing of sensitive data with a risky app.
How Strong Is Your Mobile Device Security Strategy?
ZZ Servers can help your organization put safeguards in place that address risky mobile apps. We’ll ensure you have the protection you need for these important network endpoints.
Contact us today to schedule a free consultation. Call 800-796-3574 or reach out online.
