Do you have the TikTok app installed on your phone? You should know this! Warning issued by the Ministry of Digitization

During the meeting of the Cyber ​​Security Operative Council on Wednesday, the Minister of Research, Innovation and Digitization, Sebastian Burduja, presented a technical report on the cyber security risks associated with the installation and use of the TikTok application.

Several elements emerged from the consultations. Thus, “according to the Terms of Use, the application is allowed to collect advertising information directly from its own sites by integrating TikTok Advertising-type utilities, such as TikTok Pixel. The application can collect a large number of information about the user’s device, including: Wifi SSID, phone model number, SIM card serial, IMEI, SMS reading, device MAC address, phone number, GPS data, details of other connected accounts on the device, full access to the Clipboard (which can generate cybersecurity risks because a large number of Password Manager applications exploit the clipboard). The application tracks users, even if they have activated the Do Not Track option. The application automatically collects data such as device model, operating system, keystroke patterns and rhythms, IP, location, tracked content, search history, mail content characteristics, gender profiling, age, etc. Also, the application reserves the right to share data with public authorities and collect information about the other services and applications that are installed on the device. It can also perform remote debugging of the application, including running new processes and executing commands in the Webview (can lead to the loading of malware files on the device hosting the application). In addition, the application has its own built-in browser with Javascript functions and any data entered can be monitored.

The technical report presented by the Minister of Research, Innovation and Digitization was developed by the National Cyberint Center of the Romanian Intelligence Service, based on the data and information resulting from the testing of the Tiktok application.

The Ministry of Research, Innovation and Digitization argued within the Cyber ​​Security Operative Council that there are cyber security risks related to the installation and use of the TikTok application on the service devices of public authorities and institutions and, in addition, that an information campaign and awareness for Romanian citizens who use the application.

“Within COSC it was decided that each public authority member of COSC, according to art. 8 para. (1) from Law no. 58/2023 regarding the cyber security and defense of Romania, as well as for the modification and completion of some normative acts, to make its own analysis of the risks, vulnerabilities and cyber security threats associated with the installation and use of the TikTok application. The deadline for completing the analysis is one week. Until the analysis is completed and some administrative acts are adopted, the COSC recommended the National Cyber ​​Security Directorate to issue, pursuant to art. 10 para. (1) lit. a) and of art. 24 para. (1), (2) letter i) and j) and para. (3) lit. d) and e) from Law no. 58/2023 and of art. 5 lit. b), point 4 of Emergency Ordinance no. 104/2021 on the establishment of the National Cyber ​​Security Directorate, a recommendation to central and local public authorities and institutions to uninstall and ban the TikTok application on service devices. MCID recommends that Romanian citizens adopt a prudent and diligent position regarding the use of the TikTok application, considering the cyber security risks resulting from its use. There is no question of banning the use of the TikTok application by Romanian citizens on personal devices, but we draw attention to the fact that its use may lead to the application accessing the user’s personal data, to the creation of a user profile and to access to third-party devices with which the user of the application interacts in the cyber environment”, reports MCID.