TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
In an article on Malwarebytes Labs, we read that Brendan Carr, the commissioner of the FCC (Federal Communications Commission), told Tim Cook and Sundar Pichai that “TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.”
TikTok’s data collection and unclear use of that data
The data that TikTok is said to collect includes, but is not limited to, search and browsing histories, keystroke patterns, and biometric identifiers, including faceprints. On top of these slices of personal data, TikTok may also collect voiceprints, location data, draft messages, metadata, and data stored on the clipboard, including text, images, and videos.
This is not unheard of, as numerous apps collect and store personal data. It is a non-issue for apps that are clear about collecting data, but these apps must also say how they use the data they collect. TikTok, it appears, is one of those apps that does not abide by the data collection and storage clause.
In his letter, Carr states:
“Numerous provisions of the Apple App Store and Google Play Store policies are relevant to TikTok’s pattern of surreptitious data practices—a pattern that runs contrary to its repeated representations,”
“For instance, Section 5.1.2(i) of the Apple App Store Review Guidelines states that an app developer ‘must provide access to information about how and where the data [of an individual] will be used’ and ‘[d]ata collected from apps may only be shared with third parties to improve the app or serve advertising.’”
How might this impact Network Security?
You should consider how TikTok’s unclear data collection might affect your network security in two ways:
- Personal TikTok accounts
- Business TikTok accounts
When you see TikTok, some of you will assume this does not apply to you. However, whether or not you have your own TikTok account, you should evaluate whether any of your family or friends are using their TikTok accounts on your home network or Wi-Fi. This is a concern if you work from home on the potentially compromised connection, or if you have a work mobile phone that is connected to your home network.
If a hacker uses the data collected from a TikTok account to gain access to your home network, you are already compromised, and you give the attacker a way into your organisation’s network.
In addition, given the prevalence of social media accounts in digital marketing strategies across industries, it would not be unusual for a company to have a TikTok account. The threat and potential for a network attack is increased ten-fold when you have a member of staff using a device on your organisation’s network to update a company TikTok.
If you are concerned about your network, you can talk to one of our Ward Solutions Specialists and we can talk you through your best plan of action.
If you would like to do some more investigation into your options, you can download our infographic on network security.
We at Ward Solutions understand the difficulties in employing an organic model that allows for scalability. Your SOC and NOC teams are more than likely at maximum capacity when it comes to dealing with ransomware attacks. Our experts provide a 24x7 model with OPEX opportunities that allow teams within the organisation to feel relaxed knowing our team is there to help.
Ward Solutions is a full service, full security lifecycle provider. If you don’t have the right manpower, tools and expertise, then consider partnering with a security consultancy and managed cloud security service provider with the knowledge and skills to help supply or augment your CISO, security engineering and security operations resources. Talk to us today to see how we can help.