Aarhus University is following advice from the national Centre for Cyber Security not to use TikTok on work mobile devices. Below you can read some questions and answers about TikTok.
According to the national Centre for Cyber Security (CFCS), the TikTok app represents a risk to the privacy and security of both public institutions and individuals:
“TikTok is an app that requests a wide range of rights and access rights on mobile devices. These access rights allow the app to collect a wide range of data and connect this data to the user’s identity. This applies to data such as the user’s location, contacts and browser history. When using TikTok, the user typically also gives TikTok access to the mobile device’s microphone and camera. Some of the data that TikTok is able to collect could also be used to spy on the user of the app.”
Read the article by the Centre for Cyber Security (in Danish only)
As a general rule, IT equipment issued by AU has been granted access to the university’s systems and network, so this equipment may not be connected to the TikTok service, cf. the above-mentioned security assessment.
If you have TikTok installed on your private phone or tablet, you may not use this device to access any AU data. In other words, it is not possible to sign in to work-related Microsoft apps such as Outlook, Teams or OneDrive from a device on which TikTok is installed
In general, everyone at AU is discouraged from having TikTok installed on their private phone for the sake of their own and AU’s privacy and security. But the Microsoft Authenticator app is not included in this advice, because this app only accesses data in order to carry out two-factor authentication.
Only if you take appropriate security measures. If you require access to TikTok for your research, you must first get approval from the relevant person in your research unit.
After this, you must contact your local IT support team to find a secure solution to access the app in a way that suits your specific research needs.
Contact your local IT support team.
The recommendation issued by the Centre for Cyber Security (in Danish only) gives us all an opportunity to reconsider our use of TikTok. Not only for the sake of organisations like AU but also – and perhaps especially – for the sake of our own privacy and security.
According to the rules outlined above, TikTok may not be used on any equipment issued by AU. In addition, as members of AU staff, student workers may not use mobile devices with TikTok installed to access AU systems and data.
For example, a student worker who replies to mails from an AU shared mailbox using Microsoft Outlook may not do so from a mobile device on which TikTok is installed.