back to article BBC to staff: Uninstall TikTok from our corporate kit unless you can 'justify' having it

The world's oldest national broadcaster, the venerable British Broadcasting Corporation, has told staff they shouldn't keep the TikTok app on a BBC corporate device unless there is a "justified business reason." A Reg reader inside the Beeb told us yesterday's edition of internal staff newsletter Ariel contained some new rules …

  1. Anonymous Coward
    Anonymous Coward

    If they want to be consistent..

    .. they should ban WhatsApp as well as it copies address books wholesale instead of doing a hashing match.

    1. big_D Silver badge

      Re: If they want to be consistent..

      There is an extra version of WhatsApp for Business that does claim to be GDPR compliant.

      That said, I've never used it, the whole of Meta resolves to 0.0.0.0 at my gaff.

    2. cyberdemon Silver badge
      Devil

      Re: If they want to be consistent..

      TBH that's Google's fault, since the address book API gives actual contact phone numbers, not hashes.

      But then again TikTok collects a hell of a lot more than just phone numbers. It can rifle through all of your documents and downloads if it wants to, because it has "shared storage" permissions. But again it's Google's fault that such a permission is so widely granted in the first place.

      Supposing it turned out that Google and Apple were not very privacy-respecting companies either. Should we ban Google and Apple software from all phones?

      A great idea if you ask me. I'll revive my old N900.

      1. Lord Elpuss Silver badge

        Re: If they want to be consistent..

        Doesn't do that on Apple. I have mine set to Specific Contacts, and Specific Photos/Videos. It's a bit of a pain to manually 'manage' which photos it has access to whenever I want to send something, but at least I'm happy it's not just rifling through willy-nilly.

        Maybe time to ditch Android and buy a real phone.

        1. Lord Elpuss Silver badge

          Re: If they want to be consistent..

          25 minutes in and only 5 thumbs down; standards are slipping. Come on Fandroids, get voting!!

        2. Snake Silver badge

          Re: doesn't do it on Apple

          Modern Android has quite a bit of privacy controls...that almost not a single person bothers using. The app permission controls are there but they are completely ignored by the Great Unwashed. I, OTOH, have so many permissions denied to everything that I'm sure the app writers would get into a fit of denial-rejection once they knew that people *can* say, Yes, Screw You.

          1. Snowy Silver badge
            Coat

            Re: doesn't do it on Apple

            How visible are the controls?

            1. Snake Silver badge

              Re: how visible

              Very. There is a "Permissions manager" in the App control panel, plus an additional "special access" permissions manager as well.

              But I *will* pass on an easy secret: newly installed apps inherit permissions from the settings of Google Play Services. Deny Play Services everything....all apps also inherit the denials upon installation. Simple.

          2. Anonymous Coward
            Anonymous Coward

            Re: doesn't do it on Apple

            Modern Android has quite a bit of privacy controls

            Stress on the word 'modern' - that only got implemented when it proved hugely popular on iOS. That said, some things were first on Android (can't remember what it was now, but I noticed at the time that it was a feature I'd love to see in iOS) so from a feature perspective they're keeping up with each other.

            However, the huge difference is in the motivation of the companies behind them and where they make their money, and whereas Google monetised every scrap of data it can grab (read their Terms completely to see how much permission you've given them), Apple wants to sell you hardware and is thus happy to protect your privacy if that means it can sell more.

            Or, put differently, for Google the hardware is not where their profit lies, it's your data, whereas with Apple it's the reverse.

            That difference in motivation is what makes me prefer iOS, but others may decide differently - vive la différance, I'd say. It would be terribly boring if everyone made the same choice..

            1. Snake Silver badge

              Re: Apple 'privacy'

              Drank the Apple advertising Kool-aid, I see. Apple sheeple to the rescue.

              Forget the Facebook scandal? Forget the iCloud photo scanning? The Siri records sharing? The Apple phone home usage and location systems?

              https://duckduckgo.com/?q=apple+privacy+issues&t=fpas&ia=web

              1. mantavani

                Re: Apple 'privacy'

                He didn't say he trusted Apple, just that he trusted them more than Google. I make the same judgement. Admittedly the spectrum of insitutions more trustworthy than Google is vast. It's unfortunate that it's essentially a binary choice between the two if you want to be able to use things like e.g. banking apps.

              2. Knightlie

                Re: Apple 'privacy'

                Oh wow, the Kool-aid reference, not seen that since 2014. Luckily I wasn't at Jonestown.

                Googles business model is to sell ads based on your private data. Apples business model is to sell phones. I know which one I inherently trust and which one I don't.

        3. O RLY
          Trollface

          Re: If they want to be consistent..

          "A real phone"

          Would that be a Librem 5?

          1. Lord Elpuss Silver badge

            Re: If they want to be consistent..

            https://www.robertdyas.co.uk/media/catalog/product/2/0/205791.jpg

      2. big_D Silver badge

        Re: If they want to be consistent..

        The thing is, the Chinese could probably go to data brokers in the USA and buy more information than they are currently collecting... The whole system is broken.

        This is more scapegoating than anything else, there are US companies that collect the information or even more information and sell it openly, but that is fine, because capitalism. But a Chinese company doing the same thing? That is BAD!

        That said, banning such apps from company devices should be standard behaviour anyway...

      3. Anonymous Coward
        Anonymous Coward

        Re: If they want to be consistent..

        I think Apple is a bit ahead on the privacy protection front, to the point that they seriously pissed off emperor Zuck*, first when they imposed hard controls on which app can access which resources quite early on in iOS (and you can retrospectively change it too), and next when they implemented mandatory reporting on all apps in the app store a few years later on what it wanted to access, so you could decide before you downloaded what risk you were taking.

        As Apple doesn't really make any money reselling personal details as a revemue stream, their motivation to implement things that break your privacy is a lot lower.

        And the phones are more secure, to the point that even an iPhone 6 will still get updates, and that model is now 8 years old.

        * My apologies if that led you to picture him naked..

        1. cyberdemon Silver badge
          Gimp

          Re: If they want to be consistent..

          I agree with you. I just object to doing everything the "apple way" which is forced upon anyone who uses one of those iDevices. It;s even worse when everyone (i.e. Google and Microsoft, even GNOME) copies them in their dumbing-down of the user interface and creeping integrations that make you buy more iThings.. and if you don't buy all the iThings and join the cult then you're Doing it Wrong.

          On security though, they have it well locked down from sharing my data with 100 corporations that I don't trust, to 1 corporation that I don't trust. Yet somehow that doesn't make me feel all warm and fuzzy.

    3. Anonymous Coward
      Anonymous Coward

      Re: If they want to be consistent..

      So they're OK for Google and/or Apple to spy on them (plus whoever is behind a host of other apps) but not TikTok? Despite us knowing that these other sources are collecting data and having no proof that TkTok is any worse.. hmmm.

      Personally I'm not a TikTok use so it doesn't effect me but there does seem to be a large element of hypocrisy....

      1. Alumoi Silver badge

        Re: If they want to be consistent..

        There's no hypocrisy here. Tiktok is spying for the wrong party, that's all.

        1. Yet Another Anonymous coward Silver badge

          Re: If they want to be consistent..

          They can't ban Whatsapp - it's what the cabinet leaks on

          1. Binraider Silver badge

            Re: If they want to be consistent..

            It's been a real goldmine of info, hasn't it?!

      2. Stuart Castle Silver badge

        Re: If they want to be consistent..

        The problem is that TikTok is linked to the Chinese government. While you or I probably wouldn't do much to get the attention of the Chinese government, most journalists (including those employed by the BBC) would, so, TBH, while I have no problem with TikTok for personal use (that said, I don't have it on my phone, but this is because I have no real need to TikTok beyond watching the odd video), I am surprised the the BBC haven't acted before now, and I'm still surprised they haven't banned it.

    4. VoiceOfTruth Silver badge

      Re: If they want to be consistent..

      You don't understand. You haven't got with the program. This is not about security. If it was, FaceBook, MS, Google, Instagram, etc, would all be banned. It is about HM Government being good little puppies to their owner the US regime.

      1. Snowy Silver badge
        Facepalm

        Re: If they want to be consistent..

        Of China and US currently one of them is committing genocide, I leave it to you to figure out which one.

        1. Claverhouse Silver badge

          Re: If they want to be consistent..

          America is all genocided out.

        2. Orv Silver badge

          Re: If they want to be consistent..

          "Currently" is doing a lot of work there.

          1. Snowy Silver badge
            Coat

            Re: If they want to be consistent..

            Sadly very much so.

            1. Snowy Silver badge
              Megaphone

              Re: If they want to be consistent..

              Just to add

              I can not stop something that happen in the past but I can to stop things happening right now.

  2. big_D Silver badge

    SOP

    That has been SOP at every company I've ever worked at.

    No private apps on company device, no company apps or data on private devices and never the twain shall meet.

    Social media has never been part of an employees normal duties at the companies I've worked at/with either. Apart from, maybe, marketing, none have ever had social media applications on their company devices.

    1. Korev Silver badge
      Flame

      Re: SOP

      My employer is the other way around. Company (i)phones are on a dedicated WiFi network with very few restrictions; the laptops and desktops have their Internet traffic decrypted and scanned. We're instructed to do anything personal on the phones (I guess this avoids liability if an employee looks at the medical or banking records etc).

      Is that a firewall icon? -->

      1. Anonymous Coward
        Anonymous Coward

        Re: SOP

        My employer has everyone's phone on a separate wifi that's not monitored and doesn't block spotify etc

        The only difference is that corporate doesn't know it has a separate wifi that isn't monitored and doesn't block spotify etc

    2. Yet Another Anonymous coward Silver badge

      Re: SOP

      >Social media has never been part of an employees normal duties at the companies I've worked at/with either.

      So you've not worked for a news organization?

      The BBC are (nominally) a news organization

      1. SundogUK Silver badge

        Re: SOP

        And the BBC have acknowledged that some staff will require access for that reason. But that part of the BBC involves < 5% of the staff, if that.

        1. Dave Schofield

          Re: SOP

          >And the BBC have acknowledged that some staff will require access for that reason. But that part of the BBC involves < 5% of the staff, if that.

          Isn't the BBC a *broadcaster* and as such most departments will use social media to advertise the TV channels, radio stations, websites and all the other stuff it does?

          Yes, Karen in accounts and Keith in maintenance won't, but it would be far more than 5% of the staff involved with making broadcast content - and that is before you get to the contractors and freelancers who produce content for the BBC.

          1. big_D Silver badge

            Re: SOP

            Yes, but you will have a designated person or persons in each team, or a central team that coordinates everything.

            Not every employee in every team needs access to the official social media channels - in fact, everything has to be controlled and a release given, before anything can be posted, so you will have very few people who have access to the official social media channels.

    3. ITMA Silver badge

      Re: SOP

      It can be a real issue if apps like WhatsApp end up becoming a semi-official communication channel within a company without any oversight.

    4. CrazyOldCatMan Silver badge

      Re: SOP

      Social media has never been part of an employees normal duties at the companies I've worked at/with either

      We have a dedicated team to do external comms and they are the only ones allowed to comment on behalf of the organisation. Other people doing so will lead to a very terse conversation with their manager, especially if it's negative.

      I know one person that had their career ended prematurely (gross misconduct after the usual warning processes) for bad-mouthing work very loudly in social media.

  3. Sp1z

    MDM

    Why in hell aren't the BBC using some form of MDM for corporate devices?

    This could be over in the time it takes to change a policy or two (10 mins).

    1. GruntyMcPugh Silver badge

      Re: MDM

      My thoughts entirely. I inherited managing mobile devices recently, and after this recent round of Tik Tok banning I just had a look at our InTune portal, checked to see if we'd allowed Tik Tok as an App, we hadn't, and thought 'phew' and I was done.

    2. Franco

      Re: MDM

      It would be over in 10 minutes if it was an IT decision, but the higher-ups will want to create policies and that will take time, particularly given the BBC's recent policy-based issues where freelancers are concerned.

      It's banned where I am but already we've had the media/comms teams request an exemption.

      1. 43300 Silver badge

        Re: MDM

        That's what happens - comms will always want access to this sort of thing!

        I blocked the Daily Mail website on the firewall for a while, years back. Comms insisted that it be unblocked - presumably they just couldn't live without reading the crap on the sidebar of shame?!

  4. Esoteric Eric

    Only American companies are allowed to spy on the British

    This then allows the British to spy on the Americans

    Part of the 5Ballbags solution

  5. Binraider Silver badge

    Stop being a bloody chicken and ban bloody the thing full stop.

    It is a hazard to your network security, and if you want cat videos there are other ways to get them.

    1. Yet Another Anonymous coward Silver badge

      But if we criminalise cat videos only criminals will have cat videos

      1. CrazyOldCatMan Silver badge

        criminalise cat videos

        My cats are keeping their eyes on you. Expect a harball next to your head on the pillow any day now..

    2. sabroni Silver badge
      Mushroom

      re: It is a hazard to your network security

      But no more or less than any other app.

      This looks like bigotry because it is bigotry.

      Ban the lot or stfu.

      1. Binraider Silver badge

        Re: re: It is a hazard to your network security

        No arguments from me on banning the lot.

        But have you read the T&C's for TikTok? Significantly worse than Meta.

  6. VoiceOfTruth Silver badge

    Snooping

    -> worries the app is used to snoop on Brits.

    Meanwhile, FaceBook, Google, MS, all continue as though the sun shines out their collective arses.

  7. iron Silver badge

    When can we expect them to ban Facebook, Twitter, Instagram, WhatsQApp (typo but it amuses me so leaving it), Chrome and anything else corrupted by the hand of Zuck, Twitler or Google?

  8. Doctor Syntax Silver badge

    What happens when/if the Online Unsafety Bill becomes law with every device backdoored by HMG? The present situation is going to be looked back on as the halcyon days.

  9. Anonymous Coward
    Anonymous Coward

    Adults Use TikTok?

    I must be really behind the times. Last time I could be bothered to look, TikTox was for children to post dance videos. Why would adults even install it on their work device ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Adults Use TikTok?

      Unfortunately to watch teenagers doing dance videos.

    2. mark l 2 Silver badge

      Re: Adults Use TikTok?

      I guess in an organisation such as the Beeb there would be more people who would be active on Tiktok than in a regular office, due to them working in media themselves.

      But AFIAK Tiktok can be used in a web browser anyway, so no real need to have the app on even on a work device, sure if they need it for work purposes just go to Tiktok.com and do whatever they need to do from there?

      FYI I don't have a Tiktok account so don't know how much functionality the app has over the browser version, but certainly when someone has shared a link to something on Tiktok before now, its loaded up in Firefox OK without me needing to login or anything.

      This is part of the issue that lots of stuff that works fine from a technical standpoint in a browser with all the sandboxing and restrictions on what can be accessed on the OS side built in by the browser developer. But we seem to have gone down the patch of making everything into an app which often request far more permissions than needed.

      1. Yet Another Anonymous coward Silver badge

        Re: Adults Use TikTok?

        Why would the BBC journalists need to see what the young people are doing on tiktok?

        If the BBC needs to know something the government will give them a press release

    3. Anonymous Coward
      Anonymous Coward

      Re: I must be really behind the times.

      You are. Why don't you show off about it like you think it's clever?

    4. IGotOut Silver badge

      Re: Adults Use TikTok?

      This may come as a suprise, but the BBC also make a huge amount of content for kids / young adults. In fact without the slightest whiff of irony, there isn't another country that makes kids TV even close to the BBC standards.

      1. Anonymous Coward
        Anonymous Coward

        Re: Adults Use TikTok?

        Original AC here.

        Oh I agree with that - some of the CBBC stuff is excellent. I think my point was more along the lines of TikTok started off as a children's app, when did adults start using it? Not being into social medai I never notice the change in audience and I'm more curious about the transistion from where TikTok started to where it is now. Is it the original children grew up and took TikTok with them or did 'crusties' like myself start using it as well?

        1. Anonymous Coward
          Anonymous Coward

          Re: Adults Use TikTok?

          from a quick search it looks like adults can use app on their devices to monitor and control their children's usage.

  10. Anonymous Coward
    Anonymous Coward

    why the hell

    Do organisations allow crap like tiktok, twitter, facebook and god only knows how many other garbage apps on user's phones?

    Work here, personal there and *never* cross the streams.

    1. 43300 Silver badge

      Re: why the hell

      It's usually down to comms departments! They insist that all this is needed.

  11. Sulky

    Try installing tiktok....

    If you work for the PRC government, they've banned it as well.

  12. Anonymous Coward
    Anonymous Coward

    NHS?

    I know that "managerial" people have needed to have FaceBook and Twatter. Have any asked for this?

    1. Anonymous Coward
      Anonymous Coward

      Re: NHS?

      How else would they film their elaborate well-rehearsed dances in empty wards?

  13. This post has been deleted by its author

  14. Plest Silver badge
    Facepalm

    Why is it on company kit in the first place?

    If you have a company device then the company should have installed software and privs to prevent installs by users. All our corp kit is manage by company policies, you need to break them then it has to be agreed with both head of IT and head of infosec and you better have a very good reason else you get laughed out the door. If there's an app you need then it comes in via the company supplied repo/store delivery, not you randomly installing stuff!

    FFS! We pay licence fees and they're not just for Aunty to piss away money making shitty middle-class sitcoms or dreary working class dramas, it's for the org to manage it's tech stack as well.

  15. SnOOpy168

    “Once you start down the dark path,

    forever will it dominate your destiny.

    Consume you, it will.”

    Master Yoda

  16. Dave Null

    Corporations should have an MDM policy. Fight me.

    You connect to corp resources, you get a corp mobile device management policy. This enforces things like:

    * encryption

    * PIN/passcode complexity

    * Block/allow list of apps that can be installed

    * Remote wipe (with granular control of work-only resources using Android Work Profile)

    * Conditional Access to corp resources (e.g. you have to be patched and up to date on OS etc)

    This is TRIVIAL to set up. There are loads of options for corp IT and if they are an M365 user they can just enable InTune in the management console and it'll do it for them.

    IMHO ALL corps that care about security should be doing this now. This also should apply to gov/civil service etc.

  17. unbender
    Facepalm

    Not good new for TikTok's sponsorships

    The Women's six nations kicks off on Saturday with TikTok as the major sponsor. If anything like last year they generated mountains of media which the BBC re-broadcast.

    Some folks going to be struggling with working out how to square that circle.

    1. TeeCee Gold badge

      Re: Not good new for TikTok's sponsorships

      So the Beeb won't be able to reuse the product of the vacuously moronic denizens of TikTok?

      There should be a measurable improvement in the quality of the BBCs output as a result of this.

  18. jollyboyspecial

    Whether it's government agencies or the BBC this shit puzzles me.

    It's a work device, why the chuff would you need social media apps on a work device?

    I can accept that some people in the BBC might need it if they actually use social media (ie the social media teams) or if they report on that shite (so technology journalists).

    Wherever I've worked in the past any devices have come with strict instructions that the device is for work only and not for personal use. Using your work device for social media (not just tiktok) comes with security risks sure, but the big thing here is that these reports imply that the BBC and various government agencies are firstly using social media on work time and secondly they are using publicly funded devices for recreation.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like