With the US Government banning TikTok in 2023, many organizations are considering or even contractually obligated to restrict access. For some companies, content filtering on mobile may be a new challenge, in some cases requiring new technologies not yet implemented. Mobile Device Management (MDM) can get us most of the way there, but additional tools will be required in most cases to make it fully bulletproof.
Lets first consider how a user may access TikTok. There is of course the application, but TikTok is also available through the browser. MDM can easily restrict applications, but browser-based content filtering gets more complicated. While the data collection from the app is more severe (and ever present while its on the phone), data privacy is still a concern when accessing via the browser.
What data is TikTok collecting? TikTok’s privacy policy is extensive, collecting more data than it’s end users might realize. Much of this data includes PII such as age, web history, location tracking, and photo/video metadata. These oversteps are true for most social media apps, but regulators had additional concerns over the ownership of that data and TikTok. While their executive leadership has testified to congress that data is stored securely in the US, many companies are still moving forward with blocking the app.
Blocking the app can vary depending on which MDM you utilize. They tend to fall into 4 main categories:
• Block: If the device is fully supervised through a program like Apple Business Manager or Knox Mobile Enrollment, then the app can be blocked from being installed with a device restrictions profile.
• Compliance: Some MDMs can account for BYOD enrollments via compliance. For non company owned devices we can’t outright block the app but we can at least detect if it is installed.
• Hide: The block function in the device restrictions profile specifically prevents target apps from being installed, but what if the app already installed? Some may opt to hide the app instead although keep in mind, it’s possible the user granted permission for the app to collect data even when it’s closed.
• Uninstall: Another method to tackle devices which already have TikTok installed is a bit unorthodox. Provided the device is fully supervised, the company can deploy TikTok itself and take over management of the application. This will then allow the company to uninstall the application.
The implementation of the above 4 options can vary by MDM and some may not have all of them. The device restrictions block function is very common, but not completely bulletproof. Companies should also implement an acceptable use policy forbidding TikTok on company devices.
Another non bullet proof angle is that TikTok can be accessed on the web, not just the app. Most MDMs will allow you to play whack-a-mole and allow you to block individually specified websites. This control might be enough for some companies, but it doesn’t prevent mitigation of restrictions. For example, an end user can use a web proxy service which will allow them to mask the URL from the content filtering, circumventing the TikTok block. Services more directly tackling content filtering will have a more bulletproof approach where not just TikTok is blocked but also methods of mitigation. These solutions tend to vary in how they are marketed but most are commonly sold as VPN, and mobile threat defense.
Ensuring apps are blocked across the website and the app can require a complex strategy, especially if bulletproof is your goal. Additionally, these controls can also vary depending on the device’s operating system. Apple and Android’s approach is going to vary significantly, especially across MDMs. Make sure to lean on your MDM team at LINQ to design the best approach to blocking TikTok for your company.