Social media app TikTok has been banned on government electronic devices following a security review, the Cabinet Office has just announced.
The review studied “the potential vulnerability” of government data from social media apps on devices and risks around how sensitive information could be accessed and used by some platforms.
UK Security Minister Tom Tugendhat had this week asked the National Cyber Security Center (NCSC) to investigate the Chinese video-sharing app.
There will be some exemptions but only were relevant, such as the prevention of online harms.
A Cabinet Office statement said: “Given the potentially sensitive nature of information which is stored on government devices, government policy on the management of third party applications will be strengthened and a precautionary ban on TikTok on government devices is being introduced.
“Currently there is limited use of TikTok within government and limited need for government staff to use the app on work devices.
“This decision is in line with similar restrictions brought in by key international partners, including the US and Canadian governments, and the European Commission.”
Chancellor of the Duchy of Lancaster Oliver Dowden said: “The security of sensitive government information must come first, so today we are banning this app on government devices. The use of other data-extracting apps will be kept under review.
“Restricting the use of TikTok on Government devices is a prudent and proportionate step following advice from our cyber security experts.”
Muhammad Yahya Patel, Security Engineer at Check Point Software, said: “The decision to ban TikTok on civil servants’ devices is unsurprising and opens up a wider conversation around data privacy.
“Social media apps collect a significant amount of sensitive data, and if breached can act as a gateway to access wider enterprise networks. Unfortunately, mobile devices continue to be an area of weakness for most businesses with many having no strategies or technologies in place to protect against these security threats.
“I think part of this is because the lines are blurred when it comes to our phones when we use them both personally and professionally. But the threat landscape is evolving rapidly, and there is a need to make sure all devices are compliant with relevant policies that control what apps may pose a security risk.
“This ban should act as a reminder for all businesses that mobile devices are an often-forgotten attack vector and that now is the time to use a prevention-first approach to protect against the newest threats.”
TikTok requires users to give permission for the app to access data stored on the device, which is then collected and stored by the company.
Allowing such permissions gives the company access to a range of data on the device, including contacts, user content, and geolocation data.
The government, along with our international partners, is concerned about the way in which this data may be used.
The ban does not extend to personal devices for government employees, ministers or the general public.
Individuals should be aware of each social media platform’s data policies when considering downloading and using them, the statement added.
Specific exemptions for the use of TikTok on government devices are being put in place where required for work purposes.
These exemptions will cover areas such as individuals working in relevant enforcement roles, or for example for the purposes of work on online harms.