The NTC (National Cyber Security Testing Institute) has examined the risks of the Chinese TikTok app and has come to a worrying conclusion.
The NTC has published a 40-page security study on the TikTok app. The experts recommend that you critically examine the use of the app, especially on business and government devices, and reduce its use to the necessary minimum.
Technical security analysis of the mobile app “TikTok” by the National Cybersecurity Testing Institute NTC
Suspicion of possible security risks when using the “TikTok” app from the Chinese manufacturer ByteDance has led to this app being banned on government devices in numerous countries.
The EU Commission and the European Parliament also banned the app on employees' work cell phones at the beginning of 2023. Swiss authorities and companies also have to ask themselves how they should deal with the possible risks of using the app. for Cybersecurity (NCSC), the National Cybersecurity Testing Institute NTC took the initiative and tested the “TikTok” app.
The National Cybersecurity Testing Institute NTC tests what is otherwise not tested. At the suggestion of the National Center for Cybersecurity (NCSC), the NTC took the initiative to subject the “TikTok” app from the Chinese manufacturer ByteDance to a technical security analysis.
During the analysis, attention was paid to test conditions that were as realistic as possible without any special protective measures. The protection of personal data and security risks were the focus of the review. The aim was to assess the risk of possible surveillance and espionage when using “TikTok” on Android or iOS devices. Protection against manipulation, censorship and influencing political opinions were not the subject of the analysis. Likewise, within the time budget of around 40 person days, neither long-term technical observations nor all software components could be analyzed in detail.
The NTC's tests have shown that the behavior of the “TikTok” app basically meets the expectations of a social media app. No evidence of user monitoring was found. Nevertheless, this would be technically possible due to the extensive permissions that the user can grant to the “TikTok” app. In addition, under certain circumstances, vulnerabilities could be activated or created by updates.
It is noticeable that position data is often sent
In addition, the chat messages sent via “TikTok” are not end-to-end encrypted. However, it was found that part of the communication with the TikTok backend server, the content of which is unknown, is also encrypted.
Users should therefore grant the “TikTok” app no or only limited permissions, close the app after use, never share contact details with the app and use other channels for business and confidential communication.
In summary, the National Testing Institute for Cybersecurity NTC recommends that the use of the “TikTok” app be critically examined, especially on devices that are used in a business and official context.
This generally applies to all apps that have extensive permissions and are of limited use in a business and government context. Further information: NTC security analysis TikTok
Source: National Cyber Security Testing Institute NTC
Also read: FBI warns again: TikTok poses potential threat to national security
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )