Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Businesses China Privacy Security

Amazon Makes Employees Delete TikTok From Phones, Citing Security Risk [Update] (nytimes.com) 64

Amazon has asked its employees to delete the Chinese-owned video app TikTok from their cellphones, citing "security risks," according to a company email sent on Friday. From a report: In the email, which was obtained by The New York Times, Amazon officials said that employees must delete the app from any devices that "access Amazon email." Employees had to remove the app by Friday to remain able to obtain mobile access to their Amazon email, the note said. Amazon workers are still allowed to view TikTok from their laptop browser, the company added. Amazon and TikTok did not immediately respond to requests for comment. TikTok, which has been popular with young audiences in the United States, is owned by the Chinese tech company ByteDance. It has been under scrutiny in Washington for security reasons because of its ownership. Mike Pompeo, the Secretary of State, said on Monday that the Trump administration was considering blocking some Chinese apps, which he has called a threat to national security. Updated at 21:01GMT: In a statement, Amazon said the email was sent by accident. "This morning's email to some of our employees was sent in error. There is no change to our policies right now with regard to TikTok."
This discussion has been archived. No new comments can be posted.

Amazon Makes Employees Delete TikTok From Phones, Citing Security Risk [Update]

Comments Filter:
  • Makes perfect sense (Score:5, Interesting)

    by thomn8r ( 635504 ) on Friday July 10, 2020 @12:26PM (#60283674)
    The choice be "leave your device at home" or "delete all Chinese spyware" Everyone should be blocking these servers at their firewalls as well
    • Is there any evidence that it is Chinese spyware? That is my real question. We get people saying TicTok BAD CHINESE COMPANY!!!! But what are the actual security problems found.

      • History is Evidence. (Score:5, Informative)

        by sycodon ( 149926 ) on Friday July 10, 2020 @12:45PM (#60283754)

        China is not some poor, misunderstood country. It is a Communist Dictatorship.

        Every business exists by leave of the communist government.

        Any company that can potentially provide information useful to the goals of the communist state will be required to do so.

        Any security risks you can imagine in TikTok or any other Chinese software has certainly been imagined by the Communist Government also and likely leveraged to gather information, however mundane.

        • Re: (Score:2, Insightful)

          by Shompol ( 1690084 )
          How is this different from say US govt? What kind of dictatorship is US of A? Should we stop international trade so every country can spy only on its own citizens? I would rather be spied on by Chinese.
          • by cb88 ( 1410145 )
            It's different because when the US government does it... its illegal. Which is why they have to sneak and create secret courts to do it.
          • by sycodon ( 149926 )

            Get TikTok, make videos. I don't give a fuck what you do.

          • by GlennC ( 96879 ) on Friday July 10, 2020 @02:04PM (#60284104)

            How is this different from say US govt? What kind of dictatorship is US of A?

            In China, the government owns the corporations. In the USA, the corporations own the government. Therefore it's not a dictatorship but an oligarchy.

            • Very true. I would argue that both are a form of fascism in the classical definition of the word (Mussolini, WW2 style)

              • I would argue that both are a form of fascism in the classical definition of the word (Mussolini, WW2 style)

                When the taxpayers are forced to hand over their money to corporations to the tune of hundreds of billions of dollars each year and are repeatedly told they have to bail out multi-billion dollar corporations, yes, that is fascism.
                • by HiThere ( 15173 )

                  While that is compatible with fascism, it is not diagnostic. Fascism is more about flows of control than flows of money. IIRC (it's been awhile) for fascism money is merely a detail of implementation.

            • by k6mfw ( 1182893 )

              In China, the government owns the corporations. In the USA, the corporations own the government.

              Sounds like the new take of the phrase, "Under capitalism, man exploits man. Communism it is the other way around."

            • by HiThere ( 15173 )

              Actually and IIUC, China is also an oligarchy. In China the oligarchy just functions through their control of the CCP (and thus of the government).

        • by jon3k ( 691256 )
          The icing on the cake is TikTok claiming [forbes.com] they've never given ANY information to the Chinese government and claim they would REFUSE to do so if asked.

          "TikTok is led by an American CEO, with hundreds of employees and key leaders across safety, security, product, and public policy here in the U.S. We have no higher priority than promoting a safe and secure app experience for our users. We have never provided user data to the Chinese government, nor would we do so if asked."

        • That doesn't answer the question of what are problems with Tic-Tok

          Even the worse countries on earth often had a duality with them. They may want to spy on the United States, but they also want to sell their goods and services to us. It would be like I will not buy Food because it was grown by farmers and farmers for the Most part are Conservatives, and Conservatives hate all people who live in Blue States, so my food is likely poisoned.

      • by Holi ( 250190 )
        Facts and evidence are out of fashion, the world now runs by gut feelings. Can't you tell it's so much better???
      • by slack_justyb ( 862874 ) on Friday July 10, 2020 @01:04PM (#60283866)

        But what are the actual security problems found.

        A person from Reddit who does hum-drum reverse engineering on apps reported on TikTok once back in 2019. Typically person on Reddit is usually saying something like "Oh looks like Twitter is updating their REST API" or "Oh look Facebook is changing the optimization on libpng" or usually some really cut and dry level stuff like that. So the person's posts are about as exciting as a Calculus lecture on any given day.

        However, they reversed engineered as much as TikTok as they could and what was found was highly questionable. You can see a lot of that here [twitter.com]. So when the person was like "you all should not be using this app" that was definitely eyebrow rising. Especially considering the most alarming thing usually coming from the person is "Oh no! Their cert is about to expire!"

        • by HiThere ( 15173 )

          There's also the problem of recertifying updates. Even if you know the current version is safe, an updated version may not be. So it's a threat under the control of someone who is not trustworthy. (Yeah, that describes a lot of software. I usually block javascript.)

          So. That may not justify legal intervention by the courts, but it's quite sufficient for a company to decide "We don't want that app accessing our system.".

          OTOH, if you're willing to run MSWindows, I can't see why you'd have problems with Ti

      • The app was caught secretly accessing the user's clipboard on iOS. There may be other issues as well, but I don't know what they are. https://www.forbes.com/sites/z... [forbes.com] That article states "Given other security concerns raised about the app," but does not mention what they are.
      • TikTok was on a list we had a few days ago of apps that read the clipboard for no good reason.

    • Comment removed based on user account deletion
      • by Somervillain ( 4719341 ) on Friday July 10, 2020 @12:51PM (#60283782)

        Tiktok has become a political football, some saying it is anti-republican, now young'uns are using TikTok in order to retaliate against President Trumps call for banning the app. https://time.com/5865261/tikto... [time.com]

        You may be right, but the fact that a large private company is enforcing this among their employees makes me think there are credible risks. Jeff Bezos is not known for doing things against his interests to appease Trump. I still don't know why TikTok is bad, but seeing private companies who employ lots of security experts place such severe restrictions makes me think there is at least something to be concerned about.

        • by DogDude ( 805747 )
          You may be right, but the fact that a large private company is enforcing this among their employees makes me think there are credible risks.

          A large private company who has a primary income stream from capturing and selling personal data is worried about... competition. If you have a "smart" phone or use Amazon or Google or Facebook, you have nothing to worry about. Your data is already being captured and sold to the highest bidder, anyway. Why would you care if the Chinese government have it if litera
    • You have the choice between US spyware and Chinese spyware, so which to pick is a matter of preference.

      Though what most people seem to completely miss is that this isn't so much about spyware and censorship, but rather who spies and who censors.

      You want to make jokes that are really funny yet have these past few years been impossible to make? Use TikTok.

      Want to repeat what every professor teaches, every late-night host jokes about, every politician espouses, every multi-national corporation stands behinds?.

  • by OrangeTide ( 124937 ) on Friday July 10, 2020 @12:31PM (#60283694) Homepage Journal

    Is the Chinese military going to recruit 14 year old American children? Their goal is to weaponize memes, memes so dank that they can KILL.

  • Seems an overreach if it is the employee's phone. Can they even tell? Can Amazon's email app query to see what app's are installed on the employee's phone?
    • You beat me to it, that was my first thought exactly.

    • by BrainJunkie ( 6219718 ) on Friday July 10, 2020 @12:42PM (#60283744)
      I can't RTFA because I don't have an account, but there is a disconnect between the headline ("Amazon makes") and the story text ("Amazon has asked"). The former seems like an overreach but the latter does not.
      • Put a . after the .com in the URL. You're welcome.

      • It said in the article it asked them to remove it, but they must do so to retain access to mobile company email.

        So, I can keep my freedom of choice and not be expected to be chained to the company communications system on my own time? Apart from the spywire-laden app thing, I don't see a lot of downside.

    • In my company, supposedly for "security purposes", if you install their email app and other doc access apps YOU MUST accept their management system on your phone, even if personal, which can track usage and remote wipe if need be.

      They do offer a company provided phone otherwise.

      Ironically I can access the email via the web browser so I didn't bother.

      • by raynet ( 51803 ) on Friday July 10, 2020 @01:42PM (#60284012) Homepage

        I always opt for company supplied phone, just so I can turn if off when I am not at work.

      • Company phone all the way. No way would I want to give my employer access to my personal device. If they don't want to pay for a company phone, don't expect to reach me outside of normal working hours.
      • It can depend. If the only access granted is to be able to wipe company data, then that isn't too bad. However, it's more likely that it is a case of "we reserve the right to poke through, copy, delete or otherwise interfere with any of your stuff", in which case I reserve the right to tell them to go fuck themselves.

        • by HiThere ( 15173 )

          How are you going to know what the capabilities are before they use them to wipe your phone?

          I've got a huge amount of resistance to installing ANY apps on my phone, and all I use it for is a phone and an alarm clock. If I had anything vital on it...well, it would be a lot more stripped down than the supplied software is. And possibly I'd have a virtual machine jail to run any required software that I needed to install. (They do have those for phones don't they? I haven't gone looking.)

      • Your device is MDM managed then. Android/iOS managed devices have OS policies that allow them to configure their email and doc apps to prevent "data leakage" from those apps to "unmanaged" apps that you download yourself, like TikTok.

        Access to OWA email throught the browser can be managed and even VPN tunneled with their MDM.

        It is possible I'm boring you. :)

    • Yeah, this is begging for a lawsuit if they're not providing the devices.

      Just tell them to leave it in their locker.

      • by cb88 ( 1410145 )
        All they have to do is include notice of this in your employment agreement and/or pay you for use of your phone (they can get a tax write off).
    • They haven't told them at all, doesn't seem to be overreach. They have asked them and TOLD them that to continue accessing the corporate mail system they will have to have removed it. Only thing I am surprised at is they didn't already have this policy, we have had this poilicy for tiktok and a number of other apps for quite some time now.
    • If it's MDM managed, depending on how the device is registered (company owned, employee owned) dictates how much the employer can restrict on the phone. Company apps and data are containerized separately from the user's personal apps and data. Compliance policies can be put into place on employee owned devices that say "if we notice you have TikTok installed, we're shutting off access to company email" and things like that.

      However, considering how Jeff Bezos himself got his phone compromised by WhatsApp a

    • To be fair there is no proof that what he said is true. A lot of it are conjectures. They could be true, they could be wrong.

    • Original Reddit posting: Not new news, but tbh if you have tiktiok, just get rid of it [reddit.com]

      TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.

      * Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)

      * Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)

      * Everything network-related (ip, local ip, router mac, your mac, wifi access point name)

      * Whether or not you're rooted/jailbroken

      * Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC

      * They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

      And a new subreddit: Reversing and documenting all things TikTok [reddit.com]

  • It could be listening to everything you say, and sending the audio to TikTok's servers in China. Amazon is knows exactly the true risk here, because they're an expert on this [amazon.com]
  • China runs a firewall and spies on people... This must be some effort for them to keep this up. Just imagine what they could do if they used their men power for something good.

    But what do I really know?! Perhaps when one is a powerful communist then paranoia feels better than happiness!

  • Yet Amazon expects everyone else to trust them. interesting.
    • by HiThere ( 15173 )

      A valid point. There's also no reason to trust Amazon. For some people they make an informal cost/benefit analysis and decide in favor of Amazon. I may think they're wrong, but I don't know the weights they put on things. (Of course I *suspect* that they're just denying things that would be inconvenient to believe, but I don't *know* that's what's going on.)

  • If Apple and Google can't properly sandbox apps.... that's the real story. It should be impossible for this or any app to do that much...
  • Jeez, folks. If you're going to tell us something that isn't true, could you at least be consistent?

    This one, maybe two, misstatements does get old.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...