TikTok boom: US Army bans squaddies from using trendy app on govt-issued phones

TikTok is one of the fastest growing social apps, with more than 1.5 billion downloads. However, its Chinese origins have caused controversy in the US, leading some lawmakers to declare it a threat to national security. And now the US Army has banned soldiers from downloading the app on government-issued phones. Speaking to …

  1. bombastic bob Silver badge
    Devil

    social media data hoovering is an obvious security risk

    if it's a government-issued phone, they can say what you can do with it...

    and for security reasons I'd ban Fa[e]ceb[ook,itch] as well! And Twi[a,t]ter [except for the Trump feed]. And GOOGLE for that matter...

    in this way, a hidden data-mining "feature" of TikTok [whether it exists NOW or not] can't be running while a soldier or sailor is doing his duty someplace, GPS tracking EVERY! MOVE! and reporting back to whomever PAYS MONEY TO TIK TOK TO GET THAT.

    And with the other data snarfers, same thing. But TikTok is owned by a COMMUNIST COUNTRY. That kinda DEMANDS action, ya know?

    1. Anonymous Coward
      Anonymous Coward

      Re: social media data hoovering is an obvious security risk

      It's a work phone. Exactly why do they have use rights to install anything on it at all?

      1. chivo243 Silver badge

        Re: social media data hoovering is an obvious security risk

        It's a work phone, and the employer is a world government. Exactly why do they have use rights to install anything on it at all? Let alone a garden variety app. One would think the militaries of the modern world would have come up with a secure chat app?

        I added a bit or two... sorry, you got me started...

        1. GnuTzu Silver badge

          Re: social media data hoovering is an obvious security risk

          The apps on those phones should be managed by a mobile provisioning system--controlling what apps a phone can and cannot have, even limited by AD group--and even ensuring that only validated/scanned apps are available. In fact, such controls should be mandatory in any organization having any sensitive data--i.e. most every organization.

          But, that doesn't stop users--even high-level users--from asking for all kinds of nonsense. You might well be surprised (or not) at how far these requests get before some bit of sanity shuts one down.

          1. Prst. V.Jeltz Silver badge

            Re: social media data hoovering is an obvious security risk

            The US military is quite a big outfit.

            I don't think you can manage it with a couple of A.D. groups.

            I bet there's dozens of different I.T. departments across dozens of divisions of Military, all with different ideas on how to manage a phone and what apps can be used.

            A bit like the NHS

            A quick google says both have around a million staff.

            I'd rather be in the country with the million charged with patching people up than putting holes in them!

            1. theblackhand Silver badge

              Re: social media data hoovering is an obvious security risk

              "The US military is quite a big outfit.

              I don't think you can manage it with a couple of A.D. groups.

              I bet there's dozens of different I.T. departments across dozens of divisions of Military, all with different ideas on how to manage a phone and what apps can be used."

              As part of JEDI, the DoD did a survey of data centres and decided ~225 were in-scope. The number of server rooms/server closets/random places holding more than a few important servers was around 650. And that ignores mobile server facilities (intentional or otherwise).

              It probably also ignores the facilities that are too heavily classified to show up on surveys.

            2. GnuTzu Silver badge

              Re: social media data hoovering is an obvious security risk

              "I don't think you can manage it with a couple of A.D. groups."

              I can't speak for the military, but I do have direct knowledge of how at least one large organization deals with this.

              Of course, there are some organizations who can't see the AD forest for the trees. ;) (Sorry, couldn't help it)

              Anyway, I've seen how many groups a large organization can have. I'm currently a direct member of over 20 groups, which expands into over 60 nested in the hierarchy. And, I assure you that there are those who do in fact determine who can have what app by AD group.

              1. Claptrap314 Silver badge

                Re: social media data hoovering is an obvious security risk

                Large? If your base ACL looks like {owner, senior, junior, guest}, then you have four groups per team in the hierarchy (at each level), and for each project large enough that it might conceivably get moved around during a reorg.

                I was criticized for my setup with about 120 groups for a team of 90 people. Then I went over the purpose of the groups with my critics.

          2. Robert Helpmann?? Silver badge
            Childcatcher

            Re: social media data hoovering is an obvious security risk

            GnuTzu, you've hit the nail on the head. This is not unique to mobile devices by any stretch. There are lists of approved applications allowed in all USDoD environments (and for other US government agencies) with all others being banned by default. The reporting on this has pretty much missed this both here and in other outlets. Same for users who confuse their government issued devices with personal property or try to pull rank to get what they want because. As long as there are restrictions, there will be people who think they do not apply to them.

            1. GnuTzu Silver badge

              Re: social media data hoovering is an obvious security risk

              "or try to pull rank"

              Preaching to the choir. It's just pitiful how bad it gets.

              Do they really feel that pettiness is a way to demonstrate leadership qualities?

              1. Claptrap314 Silver badge

                Re: social media data hoovering is an obvious security risk

                If they are human, (ie: competitive social creatures) the answer will be "yes", I believe.

        2. Chris 211

          Re: social media data hoovering is an obvious security risk

          Because you don't secure things by banning them. You make government apps secure. No such thing as a work phone anymore, it's a device, any device to access a containered secure app. Banning weed and alcohol really worked well didn't it...... people will always find a way round the rules.

          1. Tom 7 Silver badge

            Re: social media data hoovering is an obvious security risk

            Have you never sent an e-mail to the wrong person, ditto text? If you have an 'open' app on the phone it's too easy to send information to an unsecured source. You don't secure things by letting people kick the fucking door in.

            1. Anonymous Coward
              Anonymous Coward

              Re: social media data hoovering is an obvious security risk

              "You don't secure things by letting people kick the door in"

              The Royal Navy secures a building by shelling the surrounding countryside until there's nobody left to break in.

              The Fleet Air Arm secures a building by dropping a couple of helicopters full of Royal Marine Commandos on the roof and sitting back to watch the fun.

              The British Army secures a building by flattening it with Artillery fire, then sending in the Parachute Regiments, the SAS and the Armoured Division to defend the rubble.

              The Army Catering Corps secure a building by filling it with ration packs.

              The Royal Air Force secures a building by flattening it then constructing a hotel on it and going on Extended Operations therein.

              "Military Intelligence - the world's greatest oxymoron!" :-)

              (posted anonymously because my boss thinks Skippy's List is a great addition to the Field Service Manual...)

              1. bombastic bob Silver badge
                Devil

                Re: social media data hoovering is an obvious security risk

                The U.S. Navy secures a building by firing a tomahawk MISSILE into a window from a submarine that's over 100 miles away... pretty much killing EVERYTHING in the room, the surrounding rooms, and maybe the surrounding area.

                Oh, and a marine or seal spotter told them which window. theirs was the harder job

      2. el_oscuro
        FAIL

        Re: social media data hoovering is an obvious security risk

        I was in the Army many years ago and the entire certification exam for the computer programmer MOS 74-Foxtrot was nothing but cybersecurity.

        How are these Army issued phones anything other than locked down milspec issue?

    2. HildyJ Silver badge
      Trollface

      Re: social media data hoovering is an obvious security risk

      It's not that it's a commie country, it's that it's not subject to US intelligent agency data slurps.

      1. Anonymous Coward
        Anonymous Coward

        Re: social media data hoovering is an obvious security risk

        it's that it's not subject to US intelligent agency data slurps.

        care to put money on that? ;-)

        1. bombastic bob Silver badge
          Devil

          Re: social media data hoovering is an obvious security risk

          If cold war history is of any consequence, we're probably reading Xi's mail in real time. even the encrypted stuff.

          The thing is, what's obvious about China is what they do to their OWN people. They'll build this capability [like Google and Facebook] into social media stuff and NOW the Chinese government gets to snarf data from U.S. government-issued phones if TikTok is allowed to be on them. That's really what it's about.

          So, from the government's perspective, it's ok to spy on China, but it's NOT ok for them to have an equal access to our military via government-issued phones...

          I guess that point was already made, but I'm just saying it straight-up to avoid any doubts as to what they're doing.

      2. Anonymous Coward
        Anonymous Coward

        Re: social media data hoovering is an obvious security risk

        "It's not that it's a commie country, it's that it's not subject to US intelligent agency data slurps."

        That's awfully presumptuous.

        Just because TikTok only take down anti-China content (i.e. a lot of Hong Kong protest videos have been removed) doesn't mean the western agencies don't get a chance to look too.

    3. IGotOut
      Angel

      Re: social media data hoovering is an obvious security risk

      Bob, I guess the Trump feed is Ok as he reminds you a lot of McCarthy and Nixon right?

      I feel sorry for you, must be a really scary world outside your bunker.

      Keep that food stock up, the AR-9's loaded, the apocalypse is coming, anytime now, just you see.

      1. phuzz Silver badge

        Re: social media data hoovering is an obvious security risk

        "he reminds you a lot of [...] Nixon right?"

        I dunno, did Nixon start a war to distract from him being impeached?

        1. Tom 7 Silver badge

          Re: social media data hoovering is an obvious security risk

          Well Clinton did a raid on Iraq when he was threatened with impeachment (Dec 1998). Seems a typical POTUS coward's way of attempting to avoid scrutiny.

          1. Anonymous Coward
            Anonymous Coward

            Re: social media data hoovering is an obvious security risk

            And does the attempted impeachment of Clinton really count? Sure, some were outraged, but it was moral outrage at two consenting adults enjoying themselves versus actions that affect the US.

            Or are you suggesting the real reason Trump suggested withholding military aid was pursuit of sexual gratification?

            1. Grinning Bandicoot

              Re: social media data hoovering is an obvious security risk

              The impeachment bill was issued not for the sex but rather for not stating the truth then bragging about it by saying he didn't think fellatio was a sexual act. The thing about that was the Federal agencies were running educational sessions with threats about sexual harassment and he attempts to demonstrate that the rules don't apply

        2. bombastic bob Silver badge
          Devil

          Re: social media data hoovering is an obvious security risk

          actually Kennedy started the Vietnam War, and LBJ turned it into the quagmire that we all remember today.

          Nixon actually ended it, and by pulling out U.S. troops, allowed the VC government to overrun the places we were defending. Many people believe that if Nixon hadn't been side-tracked with Watergate, he might have ended it more like the Korean War, which happened while Nixon was Vice President, I might add.

          (unfiltered history for the benefit of millennials, who probably aren't exposed to unfiltered history very often, the revisionist kind being more suited to manipulating them through FEEL)

      2. bombastic bob Silver badge
        Facepalm

        Re: social media data hoovering is an obvious security risk

        "I guess the Trump feed is Ok as he reminds you a lot of McCarthy and Nixon right?"

        Not even REMOTELY close. Nixon was a liberal republican who started the EPA and tried to regulate the economy through price/wage freezes. McCarthy was more like the P.C. gang nowadays with "guilt by accusation". The modern-day McCarthy-ism includes various smear tactics LIKE leaking classified and private information like a sieve to the willing press corps, AND holding sham impeachments for non-crimes based on opinions and hearsay, with no actual DUE PROCESS (like the accused being able to face and cross-examine his accuser, produce his own witnesses, etc.).

        But hey, you've got the "pandering to the perception" part nailed in the quote I included at the top. Trump is actually the OPPOSITE of that. "Drain the swamp"

        icon, because, facepalm

    4. Teiwaz Silver badge

      Re: social media data hoovering is an obvious security risk

      Surprisingly Sensible, apart from the idea of WHITELISTING the TRUMP Feed.

      Might make sense from some points of view, but subjecting parade-drilled into insensibility troops to Trump's unfettered ravings might well backfire.

      The fate of Thomas Becket comes to mind.

      Also, I believe it bypasses the Chain of Command.

      1. bombastic bob Silver badge
        Devil

        Re: social media data hoovering is an obvious security risk

        it bypasses the Chain of Command.

        How do Trump's direct words bypass the chain of command? I think the people at the top have every right to directly order those at the very bottom, but in dealing with grievances, that's where 'chain of command' really applies. You go to YOUR platoon/division first, then up the chain, with respect to grievances. Yeah I was in the Navy for 6 years so I know how the system works. And it's NOT a bunch of unthinking grunts being dictated to like robots. We have robots for that sort of thing anyway...

  2. Blockchain commentard Silver badge

    Just give the squaddies a Nokia 3310. Another benefit is that it was considered bullet-proof !!!!

    1. Tom 7 Silver badge

      I wonder if I could get enough to make plate-armour?

  3. Teiwaz Silver badge

    Department of Fictional Fantasy Conspiracy

    Project Tic-Toc confusion?

    1. Anonymous Coward
      Anonymous Coward

      Re: Department of Fictional Fantasy Conspiracy

      Exactly, can't have anyone competing with American social media can we?

  4. martinusher Silver badge

    I think you'll find the ban covers more than just work phones

    The problem with mobile devices surfaced a year or two ago when it was discovered that phones and fitness trackers were able to provide valuable intelligence about the disposition and activities of service personnel. This goes way beyond a particular application but it shows that our leadership is all at sea when trying to distinguish real threats from science fiction. Judging by what TikTok does it's not going to give any additional information away that's not already readily available from the mobile device (i.e. why bother with a secret program of spying when you can just buy everything you need cut price as 'analytics'.) The fact it was written by Chinese people -- probably -- doesn't make it any different from any one of the hundreds of other applications competing for our attention (and, anyway, if you fear Chinese people working on software then you've never worked in California.....).

    1. Tom 7 Silver badge

      Re: I think you'll find the ban covers more than just work phones

      I dunno, as anyone who was forced to crack early software when dongles failed you should know it's relatively easy to hide really quite complicated code inside exe type files that only makes sense when you have the right entry point. The US may have access to the source code of other stuff and not this.

    2. Anonymous Coward
      Anonymous Coward

      Re: I think you'll find the ban covers more than just work phones

      The difference with TikTok (or any other social media that provides video content) is less likely to be location etc but rather accidental disclosure of what is happening in the background of some of these videos.

      A couple of Marines eating crayons might be funny and indicate US military dietary preferences (and explain why Crayola factories are destroyed in a future war) but a vehicle driving past with new armour or weapons may give away valuable information in much the same way as some of the accidental disclosures of Russian and Chinese weapons in recent years.

      1. Claptrap314 Silver badge

        Re: I think you'll find the ban covers more than just work phones

        "What new toys are there?" is just one datum of a rather large set of data that I would be worried about. Here are a few that come to mind immediately:

        - What is the general morale of the force?

        - What about an individual might be used to suborn that person?

        - How rigorous is the training of units expected to be deployed against us?

        - Which individuals occupy critical positions to the functioning of units expected to be deployed against us?

        (Think critical infrastructure, as well as command positions. Fuel, IT, ammo, food, spares...)

        - What is the activation posture of units expected to be deployed against us?

        - Which high-value individuals have routines that would allow them to be easily neutralized?

        - What is the level of maintenance of equipment likely to be deployed against us?

        And of course, the evolution of any of the above over time is a big deal as well. Folks in DC knew, for instance, that Desert Storm was about to kick off when pizza deliveries to the Pentagon spiked one evening...

        As I said, off the top of my head. And no, I've never worked in any threat intelligence field.

    3. bombastic bob Silver badge
      Devil

      Re: I think you'll find the ban covers more than just work phones

      When you're in the military, the command you belong to may declare a particular place "off limits". This may be because it's a den of drug dealers (seen), a religious cult (seen), or just some place that the command does not like (have not seen, but they have the prerogative).

      Extending this to personal electronics is NOT unprecedented. Enforcement would be up to the individual commands, but believe me, if you're doing something that puts your shipmates in any kind of danger, the others around you will have a LOT to say about it!!!

      Example: noobie on a submarine leaves the toilet lid up after peeing in it. He's told by a senior member of the crew to put the damn lid down, because when the boat takes an angle, it'll slam down on the crapper making a loud noise in the water. Or the same kind of thing, NOT shutting the doors properly, or slamming them too hard when you DO shut them. It's not just about not waking people up in berthing, or making an irritating noise, it's about NOT putting noise in the water.

      Same things with "apps" on your personal phone. If it's snarfing up data about YOU, it could ALSO be indirectly snarfing data about your crewmates. So yeah, it's a concern. And I think anyone in the military who has a brain would agree with this, and I'm sure they'll share info about 'safe' alternatives to otherwise slurpy "CRapps".

  5. Anonymous Coward
    Anonymous Coward

    GPS enabled military phones :-)

    Come on.

    There HAS to be a "find my army" application.

    1. KittenHuffer Silver badge

      Re: GPS enabled military phones :-)

      They're up your sleevys!

    2. Erebus_77

      Re: GPS enabled military phones :-)

      Yeah, it's called Strava

      https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

      1. bombastic bob Silver badge
        Coat

        Re: GPS enabled military phones :-)

        seeing that link wants me to say "based"

  6. Anonymous Coward
    Anonymous Coward

    If I was a squaddie on a battlefield, I wouldn't want to carry anything emitting radio signals that an enemy could triangulate and track or a missile could home in on. Military communications gear is specially designed to be very hard for an enemy to detect. Cellphones are much too easy.

    1. phuzz Silver badge

      It turns out that actual squaddies on battlefields like to be able to talk to their friends and families back home, so they find ways of getting mobile coverage if at all possible.

  7. RegGuy1

    I like Tik-Tok

    ... especially the orange ones.

    1. Anonymous Coward
      Anonymous Coward

      Re: I like Tik-Tok

      But too many definitely have a laxative effect.

      Source: a friend's father was a salesman who unwittingly provided free sugary samples for a small LAN party. If we had known, we would have ensured there were more toilets at the chosen location.

  8. Prst. V.Jeltz Silver badge

    Shouldn't they be banned from all inane pointless timewasting meme creator apps? Regardless of national security issues?

    1. Pascal Monett Silver badge

      They do have time off from being shot at, you know. They need some distractions, lest they go absolutely barking mad all the time.

      1. Tom 7 Silver badge

        Judging from the attrition rate once they get home social media doesn't seem to be of much help.

  9. Danny 2 Silver badge

    'Repent, Harlequin!' Said the Ticktockman

    I've obviously posted this here before as the title appeared after Rep. I should really clear my cookies or refresh my memory.

    So instead I'll post this: Russia bans smartphones for soldiers over social media fears

    I was tempted to go with the RN sailors crying in Iran because their iPods were seized, but apparently we are at war now.

    Hey, who else applied to work for Dominic Cummings at No.10? I'll show you my application if you show me yours.

  10. Anonymous Coward
    Anonymous Coward

    who in the first place?

    would allow a foreign country's software on their military equipment? that is just silly.

    Can't put any US software on it either, since the NSA has backdoors in everything we have :/

    1. bombastic bob Silver badge
      Meh

      Re: who in the first place?

      NSA back door on the military.... I don't think they need to bother with that one. I'm sure they had access to everything I knew, everything I did, and everything in my service record, when I was in the Navy. Well it wasn't called 'NSA' back then but same idea.

      [on a related note, there is still some classified information I won't disclose knowledge about, nor discuss, because it hasn't been made public knowledge, even from 30+ years ago].

  11. Grinning Bandicoot

    Spies and personal information or Smiley doesn't have a chance

    Recent article made a point that with the techniques for gathering and filtering data it is now very hard and getting harder to play spy master. Gave Singapore as an example of max tracking. Ex.: Taxis all taxis have tracking beacons reporting to the central police station where the time spent on the run is compared against the standard and if it falls outside the range of error it is flagged. This is to protect the rider from gouging. Of course the cameras at the airport and hotel record a James Bond got in the vehicle and oh the person registering has now some other name! It was for that reason that consumer DNA kits are discouraged because that can be used to build a personal file. If in the days of key punch back tracking on a legend were possible, think now what is possible with petabyte files.


Biting the hand that feeds IT © 1998–2020