TikTok… TikTok… It’s Time to Address the Privacy and Security Risks of All Mobile Apps
The U.S. is “looking at” banning TikTok and other Chinese social media apps, Secretary of State Mike Pompeo told Fox News on Monday. This comes on the heels of TikTok and other “questionable” apps being taken down from Apple’s App Store and Google Play in India. The India Ministry of Information Technology said in a release that it has decided to block 59 apps in view of the information available that “they are engaged in activities which are prejudicial to sovereignty and integrity of India, defense of India, the security of the state and public order.”
What’s so bad about TikTok?
Unfortunately, privacy and security concerns surrounding TikTok are nothing new. In the fourth quarter of 2019, we took a look at the “Make Your Day” version of TikTok, which is found in the U.S. App Store and Google Play.
When looking at the privacy and security scores, the closer to 100, the higher the risks:
- 0 – 33 is low;
- 34 – 65 is medium; and
- 66 – 100 is high.
The Android version had high privacy and security risks and iOS had high privacy and medium security risks. iOS rated 98/100 for privacy and 64/100 for security. Android was 79/100 for privacy and 82/100 for security.
Fast forward several versions to the latest version as of this blog post, and the results are mixed: iOS rates 98/100 for privacy and 91/100 for security. Android rates a little better than when we last scored it, at 75/100 for privacy and 63/100 for security.
We calculated the scores using Zimperium’s z3A Advanced Application Analysis engine. Zimperium z3A is the leading application reputation scanning service that continually evaluates risks posed by mobile apps.
z3A provides deep intelligence about app behavior, including content (the app code itself), intent (the app’s behavior), and context (the domains, certificates, shared code, network communications, and other data). z3A also provides privacy and security ratings, enabling enterprises to create security policies, and limit or remove risky apps from managed devices.
Of note, our customers are made aware of the security and privacy risks associated with all apps, including TikTok, that their employees download onto their mobile devices, in our enterprise-grade management console, zConsole. Our customers are able to create usage policies for their employees based on each app's security and privacy scores.
So, I really only need to worry about TikTok … right?
Wrong. While these scores are most certainly high and illustrate extreme privacy and security concerns, the idea that the TikTok app is the exception when it comes to mobile app privacy and security is false. It is the rule: almost every mobile app has privacy and security risks. The degrees obviously vary, but the results are indisputable: mobile apps are fraught with privacy and security risks.
For example, in the last year, we’ve researched the top banking apps in 2020 and 2019, leading travel apps, shopping apps and dating apps. The overwhelming majority of the apps have privacy and security concerns.
Results in these reports were anonymous and we reached out to each company to review the detailed report for its own app. As we continued with these reports and discussed these concerns with the companies in question, many of the security teams were unaware of the extent and severity of the issues in their apps.
The reality is, the security and privacy risks associated with these apps not only affect individual users, they can impact companies, organizations and government agencies.
How Zimperium helps secure apps
Zimperium helps you protect apps throughout the software development lifecycle. Our Mobile Application Protection Suite (MAPS) identifies security, privacy and compliance issues during development and protects apps while in use.
zScan provides continuous protection and verification during app development. zShield enables protection during app build and launch. And zDefend embeds Zimperium's award-winning, machine-learning-based detection into apps so that they remain protected even during runtime on the user's mobile device. To learn more about MAPS, watch our on-demand webinar.
If you would like to learn more about securing your mobile apps from development to running on end user devices, please contact us. We are here to help.