6

BBC Advises Staff To Delete TikTok From Work Phones - Slashdot

 1 year ago
source link: https://news.slashdot.org/story/23/03/21/0420223/bbc-advises-staff-to-delete-tiktok-from-work-phones
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

BBC Advises Staff To Delete TikTok From Work Phones

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area.
×

BBC Advises Staff To Delete TikTok From Work Phones (bbc.com) 47

Posted by BeauHD

on Tuesday March 21, 2023 @06:00AM from the clock-is-ticking dept.

The BBC has advised staff to delete TikTok from corporate phones because of privacy and security fears. From a report: The BBC seems to be the first UK media organisation to issue the guidance - and only the second in the world after Denmark's public service broadcaster. The BBC said it would continue to use the platform for editorial and marketing purposes for now. [...] The big fear is that data harvested by the platform from corporate phones could be shared with the Chinese government by TikTok's parent company ByteDance, because its headquarters are in Beijing. In an email to staff on Sunday, it said: "The decision is based on concerns raised by government authorities worldwide regarding data privacy and security. If the device is a BBC corporate device, and you do not need TikTok for business reasons, TikTok should be deleted from the BBC corporate mobile device." Staff with the app on a personal phone that they also use for work have been asked to contact the corporation's Information Security team for further discussions, while it reviews concerns around TikTok. Dominic Ponsford, editor-in-chief of journalism industry trade publication the Press Gazette, said it would be interesting to see what other media organizations decide to do. He told the BBC: "I suspect everyone's chief technical officer will be looking at this very closely. Until now, news organizations have been very keen to use TikTok, because it's been one of the fastest-growing social media platforms for news publishers over the last year, and it's been a good source of audience and traffic. So most of the talk in the news media has been around encouraging TikTok rather than banning it."

Ban TikTok but let China make all our stuff.

Governments are fucking stupid.

What exactly is the tik tok app so capable/is doing? Stealing data? How? Is this a technical thing or a policy/signaling thing?
  • Since it is an app on your phone, it could (at least potentially) get access to everything on your phone.

    I have neither installed not used the TikTik app, but I assume it asks for various permissions while getting installed. If these permissions are used for legitimate purposes, the app should not be a threat. But if the permissions are used for nefarious purposes, the app is a problem, the severity of which depends on whose phone it is installed on.

    To complicate matters, TikTok is a Chinese company (or at least the owners are), which makes it subject to the whims of the CCP, who have previously made it obvious that they will stop at nothing to get what they want (eg the Tian nan men massacre). If I were some high-ranking official in any organisation, I would assume that the CCP will want to eavesdrop on me: they might not get anything useful, but why miss the possibility?

    • Re:

      On modern versions of Android and iOS, many permissions are requested at run-time rather than given during installation. Things like access to contacts, access to location data, access to files.

      It is possible that an app contains a currently unknown exploit to get access to those things, but it seems unlikely that anyone with such an exploit would waste it on TikTok. It would quickly be discovered and fixed. To be effective, those vulnerabilities need to be targeted at individuals so that samples are harder

      • With reporters, just gaining access to your contacts could reveal potential sources. Shit talk the CCP and expose something they did, pull their contacts and look for anyone with access to that info. Then go murder the source. Its always been the CCP playbook. The vulnerability of the media is one of the least sophisticated exploits needed.

        • Re:

          Yes, and access to contacts has been a run-time permission request for years.

          Another option is to make use of Android's built in work profile system. Basically you can have two separate profiles on the phone, a personal one and a work one, with separate contact lists. There is an open source app called Shelter that helps manage it on a per-app basis. Very handy for isolating apps you need but don't trust.

          For an org like the BBC though you'd like they could just give journalists who need TikTok for some reas

          • Re:

            You really think your average BBC employee is that smart? The odds of good looking Tits & Ass also having a brain are astronomically against. Eye candy tends to be Ken & Barbie level stupid. Much easier to tell them to remove the app and be done with it. Its not just the journalists that are vulnerable btw. Behind the scenes there are a multitude of workers that might have to contact these sources to coordinate interviews and other aspects that could leave these contacts on their devices too, even i

      • Apps ask for permissions for some things, not all things. An app could phoning home with your IP address every minute and you wouldn't know. If could be running port scans on other devices sharing the same network and you wouldn't know. It might even know of an exploit that elevates its privileges, or use the privileges you've already granted it to do extra things - track location, listen in on conversations, access photos, take video footage, send or receive an SMS.

        Many apps have legitimate reasons for needing permissions and so they make perfect vehicles for governments who might want to spy on opponents or critics. I imagine TikTok is such an vehicle so it is prudent to ban it from government devices. But I'd say that all social media should be banned from such devices unless a person has a legitimate reason for needing them for their job.

        • Re:

          Apps could do all that, and get past the Play Store security. But that's not a TikTok issue, there are millions of apps and any of them could be doing it. In fact we know for a fact that Facebook's app is rather nosy.

          You can make the argument, but it needs to say why TikTok specifically. There are lots of other apps, many of them from Chinese or unknown vendors.

    • Re:

      So how is Groogle, Amacon, FaceChook also not harvesting your data? Under the USA Cloud Law, they are beholden to the US. The only time I use social media is to give false messages, like I will vote for A because.. But really vote B. As you grow older, you become my cynical and 'Nudges and targeted marketing' achieve the opposite.

      • Re:

        You also become incapable of calling things by their actual names for some reason?

        • Re:

          Afraid the Groogle Cops will track him down.

  • ByteDance have used it in the past to spy on journalists and identify whistleblowers so there's that. And the general perception that the company is under the thumb of the Chinese government. Not hard to see why government & journalistic outlets, including the BBC should be extremely wary of TikTok.

    Of course it's not the only app that should ring alarm bells. It would be sensible for governments, political parties and big orgs to whitelist what apps they allow on their devices, or their networks and impress upon users the importance of sticking to those rules.

      • Re:

        Facebook, Twitter, Instagram etc. Ban the lot of them. Few people in governments need social media accounts on their work devices, and if they do they can be special cased.

  • Re:

    It's horning in on all the other governments siphoning our data. We all know the US does it, and the chances that the UK doesn't do it as well are so vanishingly small as to be absent altogether. That's really what it amounts to.

    I mean, I wish we could stop all the governments of the world from siphoning all our data all the time everywhere, but I guess it's a nice virtue signal to get all upset about China doing it. What, exactly, they're going to gain from tons of videos of dancing pre-teen girls I'm not

  • Re:

    Neither, it's allowing citizens of a "free" country communicate too freely with each other. It has the potential to topple governments, tilt elections, enable protests, etc.

  • Re:

    It's 2023. Decades after social media came along. If you're still asking these kinds of questions, then you are still unaware that you are The Product being bought and sold.

    One would have thought a 19-year old Mark Zuckerberg would have made that clear back when his business justification was summed up in two words: Dumb Fucks.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK