on 8th March 2023 The National Cyber and Information Security Agency (NÚKIB) has issued Warning against a cybersecurity threat consisting of installing and using the TikTok app.
From the point of view of cybersecurity, it is primarily the case that TikTok collects excessive amounts of user data, in particular:
- when mapping devices, the application collects information about other running and installed applications
- stores the content of private communications on the servers of the parent company ByteDance
- periodically checks the location of the device
- has access to contacts on the device
- collects device information including Wi-Fi SSID, previous Wi-Fi configuration, device serial number and SIM card, device ID, device IMEI, MAC address, phone number, list of all user accounts used on the device and complete access to the clipboard
- maintains persistent access to the calendar allowing it to be read and changed
- enforces the use of a native browser that allows monitoring almost all user activity (e.g. pressing keys on the screen)
Based on the Warning issued, we take precautions:
If you have the TikTok app on a business device (mobile phone, laptop, tablet) or on a private device that you are connecting to our network (laptop with VPN, etc.), you need to uninstall the TikTok app from these devices and do not use its web version (https://www.tiktok.com/).
Thank you for your cooperation,
Charles University Cybersecurity Manager