TikTok Hearing - Commentary from Lookout VP of US Federal

March 2023 by Frank Johnson, Vice President of U.S. Federal, Lookout

With the TikTok hearing taking place, here is commentary from Frank Johnson, Vice President of U.S. Federal, Lookout. Johnson has been embedded in the tech and security space for over 30 years, including serving as the CIO and CDO for the city of Baltimore. Additionally, the House, the Senate, and their respective staffs, as well as a growing number of federal agencies, trust Lookout to mitigate the risks of data being shared with apps, domains, and IPs communicating with locations in China.

Momentum towards a nationwide ban is growing. This is a watershed moment in the U.S. for mobile security. The US government has recognized that apps that originate in China and are owned/operated by Chinese companies have the ability to capture data that both American consumers and public sector officials at the federal, state and local government levels all assume is private.

TikTok collects user data including IP address, user agent, mobile carrier, time zone settings, identifiers for advertising purposes, device IDs, approximate location based on your SIM card and/or IP address, keystroke patterns for rhythms (which can lead to credential theft), and connected audio devices. Over the course of today’s hearing, it became clear that Congress doesn’t think TikTok’s plan for data security, privacy, and national security meets expectations.

It’s important for both the administration and the average American consumer to understand that TikTok is just the tip of the iceberg. There are currently over 9 million apps identified in the Lookout data corpus that communicate with IPs, domains or servers in China. The government and private sector need to increase collaboration together on this critical issue, especially to promote awareness on how mobile app permissions can put data at risk. Even if an app doesn’t seem malicious, these apps communicate via dozens of back-end domains, IPs and URLs connected with other services that could be risky themselves.

Lookout is committed to doing its part to help advance this conversation and broader awareness, as only then can we take the needed steps to properly protect our data and privacy. We’re proud to be trusted with securing the mobile devices used by the House and Senate, government agencies and major corporations alike. As a security partner, Lookout helps implement the technology and data strategies needed to enforce policies like a TikTok ban, as well as help them understand the exposure risks posed by any mobile app and how they can protect themselves.

To restrict untrustworthy apps suspected of collecting data for surveillance purposes, public and private organizations alike need to implement capabilities beyond those of a mobile device manager (MDM) and implement a mobile threat defense strategy that enables:

Implementation of app policies on managed and unmanaged iOS and Android devices that would ask (or force) the device owner to remove banned apps.
Proactive research of risky apps and putting protections in place against those apps.
Implementation of top-level domain protection that can block any communication between a device and domains with certain endings, such as .cn.

