Is It Safe for TikTok to Be Used on Company Devices?

Is It Safe for TikTok to Be Used on Company Devices?

One of the challenges in today’s modern office is keeping up with mobile device security. Being able to work from computer or phone fluidly has been shown to improve productivity but keeping those devices from leaking too much data isn’t always straightforward.

Malicious mobile apps can be a major problem for data security, HIPAA compliance, and malware threats, and they tend to fall into two categories:

  1. The ones that purposely plant malware
  2. The ones that access and gather too much personal data, which can then be compromised

87% of successful phishing attacks on mobile devices happen outside of email (apps, etc.)

TikTik is the second variety. A mobile app that isn’t malware, but it does collect quite a lot of personal data, including names of other apps and files on your smartphone.

The big danger is that TikTok is owned by a company based in China, called ByteDance, which leaves many to worry that the Chinese government could demand all that personal data that’s being collected from millions of user devices and use it for nefarious means.

When dealing with data security on company devices, you need to think beyond antivirus/anti-malware protections and take a hard look at the apps installed on the device to see if they’re safe or accessing too much sensitive information.

Considerations About the TikTok App

Here are a few of the considerations when deciding whether or not to ban the use of TikTok on mobile apps used for your company’s work processes.

TikTok Data is Stored Outside China

The company that owns TikTok states that its data is not subject to Chinese law because it’s stored on servers outside the country. ByteDance states that user data is stored on servers located in the U.S. and Singapore.

The Company That Owns TikTok is Based in China

ByteDance is based in Beijing, China, so the company itself is subject to Chinese laws, even if its data is stored outside the country. This worries many that it could still be required to turn over user data that could then be exploited by the Chinese government.

TikTok Collects a Lot of Device & User Data

If you use TikTok, you’re giving the company access to quite a bit of device and user information. Even without the ties to the Chinese government, its privacy policy would have any IT team concerned.

Exactly how much data it can collect from your device does depend upon a few settings, i.e. whether or not you allow it to track GPS location. But the types of data collected is quite concerning.

Here are some of the types of data collected by the TikTok app and in the control of ByteDance:

  • Any information you send through the platform, including messages
  • Your contacts/phone book on your mobile device
  • Your registration & profile information (name, phone, email, password, etc.)
  • Payment information when used for a purchase
  • You device carrier, mobile, time zone setting, IP address
  • The apps and file names on your device
  • Keystroke patterns or rhythms
  • Location data, including information based on your SIM card

Government Agencies Have Banned the App

The armed forces (U.S. Air Force, Navy, etc.) have banned the use of TikTok on their devices due to security concerns.

A complete ban of the app is also currently pending. The White House has threatened a ban on both TikTok and WeChat (another app owned by a Chinese-based company) unless the apps are sold to a U.S. company.

TikTok’s Privacy Policy Leaves Users at Risk

All that data collected by the platform can be shared with a whole lot of other entities. While the app’s privacy policy states it does not sell user data to third parties, it does share it with the following:

  • Service providers and business partners
  • Within their corporate group (parent, subsidiary or affiliates)
  • In connection with a sale, merger, or other business transfer

Further, there is a risk involved if ByteDance were to receive an order from the Chinese government to turn over user data. The policy states:

“We may disclose your information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries, and to protect and defend the rights, interests, safety, and security of TikTok Inc., the Platform, our affiliates, users, or the public.”

Items You Can Opt-Out Of On TikTok

There are certain types of information shared that can be opted out of on TikTok. The company states that users can limit the data TikTok collects in the following ways:

  • Disable cookies in your browser or on your device
  • You can manage advertising preferences in the app for some third parties
  • Use any device operating system features that limit certain types of targeted advertising
  • Unsubscribe to marketing emails from TikTok
  • Turn off GPS location functionality on your mobile device

Ensure Mobile Devices Aren’t Leaving Your Company at Risk

Mobile devices now make up about 60% of a company’s endpoints. Make sure yours are secure and protected by working with C Solutions.

Schedule a free technology consultation today! Call 407-536-8381 or reach us online.