TikTok can be used on Singapore government-issued devices only on a 'need-to' basis
This is an existing policy that mandates only approved apps can be downloaded on government-issued devices, said the Smart Nation and Digital Government Group.
SINGAPORE: Public officers are allowed to use TikTok on government-issued devices only on a "need-to basis" under existing policy, said the Singapore government.
“Government-issued devices are meant for work and there are clear rules stipulating that only approved apps should be downloaded on such devices,” said a spokesperson for the Smart Nation and Digital Government Group (SNDGG) on Thursday (Mar 16).
“Currently, TikTok is only allowed for use by public officers on a need-to basis, such as for communications officers.”
Other apps, such as Facebook, YouTube and Instagram, are also subject to the same policy, said SNDGG on Friday in response to further queries.
The SNDGG, which comprises the Smart Nation and Digital Government Office and the Government Technology Agency, oversees the digital transformation of the government and the country's key Smart Nation projects.
Government-issued devices have security configurations to safeguard data, while public officers are regularly reminded to only download approved apps, it told CNA in response to queries about the recent security and privacy concerns over TikTok.
Some Singapore politicians are using the app, including Deputy Prime Minister Lawrence Wong, Health Minister Ong Ye Kung and Speaker of Parliament Tan Chuan-Jin, who each have thousands of followers on the platform. CNA has contacted them about the security concerns regarding the platform.
Britain announced on Thursday that it would ban TikTok on government phones with immediate effect.
TikTok is owned by Beijing-headquartered internet company ByteDance. The bans underscore mounting concerns that the app’s user data could end up in the hands of the Chinese government, undermining Western security interests.
The concerns raised are not new.
The app, with more than 1 billion users worldwide, was caught in the crosshairs in 2020 when then-US president Donald Trump dubbed it a national security threat and attempted to block new user downloads in the US. TikTok has denied that it is a threat to US national security.
Like many other social media apps, Tiktok collects significant amounts of user data, including birthdays, email addresses and phone numbers, as well as tracks users’ likes, shares and search history.
But some experts said there are elements that are more unique to the app.
Dr Kevin Curran, professor of cybersecurity at Ulster University, pointed to the platform’s in-app browser, which "could potentially be collecting passwords and usernames typed in and tracking activity on the in-app browser".
Experts said concerns about TikTok lie primarily with uncertainties about whether these huge amounts of data can be exploited by the Chinese government.
“Many social media apps, including popular ones such as Facebook, Instagram and YouTube, collect significant amounts of user data, and TikTok is no exception,” said Singapore University of Technology and Design’s Assistant Professor Roy Lee.
“However, the primary concern regarding TikTok is whether the app shares its collected data with its parent company, ByteDance, which may in turn pass the data to the Chinese government."
“While TikTok has repeatedly stated that it does not share user data with the Chinese government and would not do so if asked, it is important to consider that ByteDance is legally compelled to comply with requests for user data under Chinese law, and it is unclear how ByteDance would resist such requests,” he added.
State exploitation of such data could have “severe consequences”, such as the app being manipulated to influence user behaviour or opinions and potentially become a propaganda tool, said Asst Prof Lee.
The lingering geopolitical rivalry between China and the West is a reason behind the growing concerns.
“The Ukraine war has not helped. It has stepped up concerns about an East versus West in the future,” said Dr Curran. “It comes down to a trust issue.”
That said, there are other studies that have shown TikTok poses no greater risk of either surveillance or influence operations than other social media platforms.
For example, a report released by the Georgia Institute of Technology in January found that TikTok is “a commercially motivated enterprise, not a tool of the Chinese state”.
“The data collected by TikTok can only be of espionage value if it comes from users who are intimately connected to national security functions and use the app in ways that expose sensitive information,” authors from the university said.
“These risks arise from the use of any social media app, not just TikTok, and cannot be mitigated by arbitrarily banning one app.”
WHAT TIKTOK SAYS
When contacted by CNA, TikTok said there are “a lot of misconceptions” about its relationship with China.
For example, parent company ByteDance “is not Chinese owned”, a TikTok spokesperson said. Nearly 60 per cent of ByteDance is owned by global institutional investors, with founders holding a 20 per cent stake and the remaining 20 per cent owned by employees.
“The Chinese Communist Party has neither direct nor indirect control of ByteDance or TikTok,” the spokesperson added.
“It's important to distinguish political concerns about TikTok from policy concerns. While some questions about TikTok and our Chinese heritage have become politicised, we take national security concerns very seriously.”
In its reply, TikTok also reiterated that its app “is not unique in the amount of information it collects”.
“In line with industry practices, we collect information that users choose to provide to us and information that helps the app function, operate securely, and improve the user experience.”
The company has said in various public statements over the years that its user data is stored at its own data centres in the US and Singapore.
As part of efforts to assuage data security concerns, the company said last week that it is working with a third-party European security company to oversee how it handles European users’ data, which will be stored at two centres in Dublin and one in Norway from 2023.
TikTok already has a similar deal in the US with Silicon Valley giant Oracle to keep US users’ data in the country.
Employees’ access to data is guarded by robust controls and safeguards, such as encryption and authorisation approval protocols overseen by its global security organisation led out of the US, to ensure that access is granted based on “demonstrated business need”, it told CNA.
“As we’ve said before, TikTok has never provided user data to the Chinese government, nor would we if asked.”
On tackling misinformation, the company stressed that it does “not allow accounts that attempt to coordinate efforts to influence public opinion, or mislead users or TikTok’s systems about their identities”.
A combination of policies, technology and moderation is deployed to address violations of its community guidelines. Its latest enforcement report showed about 92 per cent of videos identified as violating the integrity and authenticity policy were “proactively removed” – meaning it was removed before it was reported, said the spokesperson.
TikTok’s chief executive Chew Shou Zi is due to appear before the US Congress next week. A Bloomberg News report on Mar 14 said the app firm is considering separating from ByteDance as “a last resort” to help address US concerns about national security risks.
USERS MUST BE VIGILANT
Asst Prof Lee said banning government devices from using TikTok may have “little impact” on mitigating potential security risks, as users are still able to assess social media apps on their personal devices.
Many government and corporate official devices also do not have such apps installed to avoid negatively impacting employees’ productivity, he added.
“Therefore, the decision to ban TikTok on official devices may be viewed as a political manoeuvre, rather than a security mitigation strategy,” he said.
Users have to be aware of the risks when using social media platforms and be vigilant, experts said.
Asst Prof Lee referred to the Cambridge Analytica scandal in 2018 as an example of how users are vulnerable to manipulation through targeted campaigns on social media.
Cambridge Analytica, a now-defunct British political consultancy, had improperly acquired private data from millions of Facebook users for the purpose of supporting then-US president Donald Trump’s 2016 election campaign.
The scandal led to government investigations into Facebook’s privacy practices, lawsuits and a high-profile US congressional hearing where the social media giant’s chief executive Mark Zuckerberg was grilled by lawmakers.
“Whether concerns about TikTok are overblown or not is a matter of debate,” said Asst Prof Lee.
“What is important is for netizens to be aware of the risks posed by social media platforms, including TikTok, acknowledge the potential risks associated with data collection practices and take steps to protect personal information while using the apps.”
Users should also be wary of apps that ask for excessive permissions, such as access to their location, camera, microphone, contacts and browsing history, especially if such access is not explicitly required for the app to perform its core function.
They should also keep their device software updated and run anti-virus or anti-malware scans regularly, the agency said.
Editor's note: This article has been updated to include the Singapore government's clarification that the restriction on certain apps, including TikTok, on government-issued devices is part of an existing policy.