The National Cyber and Information Security Agency (NÚKIB) has issued a WARNING against a cybersecurity threat consisting of installing and using the TikTok app on devices accessing critical information and communication infrastructure systems, information and communication systems of essential services and important information systems. NÚKIB has issued this warning based on the Agency´s findings and information from partners. The Agency is concerned about potential security threat stemming from the use of TikTok primarily due to the amount of user data that is collected by the app as well as the way the data is handled. Such large-scale data collection is concerning due to the legal and political environment of the People's Republic of China (PRC), given that ByteDance, the developer and administrator of TikTok, falls under the legal jurisdiction of the PRC. The warning applies to authorities or persons which are obliged to implement security measures pursuant to the Cyber Security Act. The warning is in effect from the moment of posting on the notice board of the NÚKIB.
Based on the warning, obliged persons must respond by taking appropriate security measures. This threat is assessed as "High," meaning probable to very probable. The NÚKIB recommends prohibiting the installation and use of TikTok on devices that have access to the regulated system (corporate devices as well as personal devices used for work purposes) as the best way to eliminate or minimize the threat. The Agency also encourages the public to reconsider using TikTok as well as the quantities and types of data that they share through the app. We do not recommend using the app to “persons of interest” who hold high-level political, public, or decision-making positions. The warnings issued and the recommendations outlined above are in accordance with the Cyber Security Act, which requires NÚKIB to promote prevention in the field of cyber security.
"I proceeded to issue the warning based on a comprehensive analysis of information about TikTok that we obtained from public sources and our allies. The amount of data being collected and handled, combined with the legal environment in China and the growing number of users in the Czech Republic, leave us with no other choice than to describe TikTok as a security threat," said Lukáš Kintr, director of the NÚKIB, on the issued warning. Kintr added: "The warning does not distinguish between users from the public and private sectors. The key issue is whether a threat to a particular system could harm the functioning of the Czech Republic and the security of each of us.
The warning in its entirety can be found here: https://nukib.gov.cz/download/publications_en/2023-03-08_Warning-TikTok-App.pdf.