The Government’s TikTok Ban Overshadows Mobile Security Concerns

By Aaron Cockerill, Chief Strategy Officer, at Lookout

In the hit Netflix show “Wednesday,” the character performs an awkward yet hypnotizing dance that quickly became the rage on TikTok. While TikTok is primarily known for fun, viral moments, it is not without utility for government agencies. The app features a primarily young audience of teenagers and young adults whom governments may want to reach to promote jobs, services, programs, and other opportunities.

There is a problem though. Chinese technology company ByteDance, which owns TikTok, has come under fire for its suspect data privacy policies, resulting in legislation banning TikTok on government-issued devices for fear of the app becoming a gateway for malicious invasions. This decision highlights a larger mobile security problem within the federal government.

Bans Alone Will Not Remove the Threat

Several state governments have already banned TikTok on agency devices. However, a ban alone does not eliminate the threat of TikTok or any other potentially harmful application. With increased telework and using personal devices for work, many employees may unknowingly expose sensitive data and information. And the challenge with TikTok is not just mobile devices but any enterprise device. In addition, TikTok leverages hundreds of different content delivery networks, which makes it difficult to control.

Some of the notable concerns with TikTok is that the app records where the user is when they use the app, what sites they access through the TikTok app, and records their interests against TikTok maintained categories – all of which could end up in the hands of the Chinese government. Furthermore, there is unease that the Chinese government could directly impact the content that Americans see on the platform. Whether it’s producing the content themselves or modifying TikTok’s algorithm, the impact that social media can have on perception and public discourse, including politics, is well documented.

Agencies must look toward mobile device management software with app identification and blocking for their agency devices. For personal devices, agencies should look for privacy respecting tools. They can use these technologies to add TikTok to a deny list that will block any user access to their domains, single sign-on, and enterprise apps until the app is removed.

Why U.S. Mobile Security Needs a Fresh Look

According to Lookout’s 2022 Government Threat Report, there was a steady rise in mobile phishing encounter rates for state and local governments across both managed and unmanaged devices, increasing at rates of 48% and 25% respectively from 2020 to 2021. This steady climb continued through the first half of 2022. Furthermore, nearly 50% of state and local government Android users are running outdated operating systems, exposing them to hundreds of device vulnerabilities. Given these concerning numbers, mobile security must remain a priority for government agencies.

The TikTok ban brings new light to the vulnerabilities created by the mobile attack surface. Federal agencies and the mobile security community want more attention to this growing security challenge. Maintaining high visibility into the mobile threat landscape needs to remain at the forefront of every agency’s security strategy, especially as more workplaces adopt hybrid and remote models.

Eliminating access to apps like TikTok can help improve mobile security, but this ban looks like little more than window dressing. The federal government needs to continue emphasizing the importance of mobile security, and re-energized metrics would provide a step in the right direction.

For more information on how Lookout supports federal government agencies, click here.