Cyber​​security experts: Companies should consider TikTok ban after European decision

Companies must consider whether they will allow their employees to put social media app TikTok on their work phone, said Daan Keuper, researcher at cybersecurity company Computest. The European Commission decided on Thursday that civil servants working for them may no longer have the app installed on their work devices for fear of espionage. The EU executive body has concerns about the Chinese app’s security.

“We are doing what we have to do in the current context,” European Commissioner Thierry Breton said when he confirmed the decision. “The European Commission is an EU institution and we are very focused on the security of our data,” said Breton. The decision applies to over 30,000 working for executive body. The United States government made a similar decision, and in the Netherlands a majority of the Tweede Kamer also wants a ban on TikTok on government officials’ work phones.

TikTok is owned by Chinese technology company ByteDance and has come under fire since the company admitted that certain employees had access to users’ data in the United States and Europe. This has fueled the fear of espionage.

“It is difficult to say whether that fear is well-founded. There is no hard evidence, it is speculation,” said Keuper. “But Chinese companies must comply with Chinese laws and regulations. The government there can enforce quite a lot. TikTok says it never cooperates with requests from governments to access the data, but the question is how difficult is that?”

TikTok keeps track of exactly what its users are doing. The app sees where someone is and which browser and phone someone has. In addition, the app can access a user’s contact list. Other social media apps, such as Facebook, do the same. “The difference is that they are more distant from the US government than is possible in China. Facebook can say ‘no’ more easily. For the first time, we are dealing with a platform here that is this big and that is located in China. And information like that, the user’s metadata, could be very interesting for China,” said Keuper.

Keuper is not too concerned about the TikTok app itself accessing confidential documents on a phone. “Influencing people is a big risk: TikTok determines what you see and can thus form your opinion and your image of the world. Where I think the most risk exists is that TikTok can see where government employees are and, for example, with whom they have contact. Or that they know where the top person of a company is going.”

He hypothesized that when spies know that type of information, they could use that knowledge to compose phishing emails.

According to Keuper, a total ban is not wise or necessary, but “it would be smart to take a critical look at TikTok. If your company is sensitive to espionage, you should take a critical look at which apps you let people use. Espionage is not something fictional; it happens daily.”

In the meantime, European Commission staff must remove the app as soon as possible, the organization said. According to a spokesperson, the “security measure is temporary” but he would not say why the decision was taken now or what needs to be done to allow the app again.