U.S. Navy bans TikTok from government-issued mobile devices (reuters.com)
386 points by swat535 32 days ago | 161 comments



After reading this post a couple weeks ago (https://news.ycombinator.com/item?id=21725139), banning the app sounds like a good idea. I’m no expert on security, but the situation regarding Tik Tok’s practices sounds really bad.


As soon as I heard about it, I knew right away that they would have some shady practices around how they handle user data. You don't grow that quickly without not having robust data protection safeguards/policies, let alone being run by a company in a jurisdiction not known for their robust data protection laws (to put it nicely).


Doesn't matter, they have it on their personal phone.

App security is so bad that you pretty much need to virtualize the phone and feed it fake sensor data. The whole idea of unrestricted network access is stupid.


> App security is so bad that you pretty much need to virtualize the phone and feed it fake sensor data.

Yeah, this is really bizarre to me. I was trying to check on volume levels through walls in my apartment, so I wanted to find some random decibel measuring app and lock it down so I don't have to worry too much about trusting it. But somehow Apple's permission model, which provides a whole pile of privilege switches including mobile data, has no way to completely revoke Internet privileges for an app.


This is one of my favorite things about Android. It's trivial to restrict access using AFWall+. You can block all access, mobile data access, WiFi access, or any combination thereof on a per-app basis. Highly recommend it.


Unfortunately requires root though, which means for the vast majority of Android users this is not an option.


Yes, very true. I've been rooting for years so I don't usually think about that, but yes, you have to be rooted. It's sad that for proper security you have to root your device. I'd love it if they built that firewall into Android.

Anticipating a question, the best phones IMHO for rooting are the OnePlus phones and Pixel. Motorola had been good in the past but you have to get a code to unlock the bootloader (which I don't like).


NoRootFirewall is much the same. If you can install LineageOS it lets you revoke fine grained permissions without the app knowing.


Plus, regardless of background or technical expertise, rooting your phone dramatically decreases security.

Downvoters: so what security features do you lose and gain when you root your phone? You've weighed the pros and cons, right?


Not a downvoter, but I disagree with you.

There's a fantastic example in my sibling post. Rooting gains you the ability to more tightly control network access. That alone is massive for privacy and security.

Obviously you have to run code with lots of permissions, which means you could be highly compromised by a malicious app. The onus on the user is much higher to vet apps. At the end of the day you have to place some trust, even if you don't root. It's a game of balancing tradeoffs.

It's overly simplistic to say that rooting dramatically decreases security regardless of background or technical expertise.


Thanks for answering. I guess now that it's possible to install your own key to verify rooted images in many phones, the problem is somewhat attenuated. Losing verified boot is a major loss.

So yes, that was a bit overly simplistic. I rooted my phones for a number of years before carefully looking at the pros and cons and deciding it was a poor choice for a consumer mobile phone. Obviously, we need root access for our dev machines and servers. But I try to follow the principle of least privilege, and in that case, not clear why root would be needed for a mobile phone.

But I concede that for some use cases, it can be a trade-off.

What other security advantage of rooting can you name besides tighter control of network access? Also, note that there are a few apps that allow some degree of firewall with unrooted phones. I also suspect there's a lot of room for improvement there.


Maybe I understand you wrongly, but when I open the settings of an individual app in iOS, I can revoke both cellular and WiFi access for it.


I’ve found blocking an iPhone on my WiFi AP effectively cuts it off from the net. It may have cell, but I think iOS prioritizes the WiFi connection because it’s live to the AP, even though all requests stop there.


Why not just turn off cellular data?


Honest question: but what’s the threat model for wanting an OS to block this? I’ve so far only thought of leaking IP address and Bitcoin mining. But any website already easily has both capabilities (with somewhat arbitrary open sockets after the WebSockets handshake). Is the expectation that an app implementation should have less permissions than an equivalent website and so be the “safer” option?


I want to ensure that the app is just locally computing the decibel level, rather than streaming out data about what it's hearing.

I would ideally want websites to also have a "no more network access after your initial load" mode, but as you say that's fundamentally incompatible with modern web development. So I kinda just accept the loss there.


Isn’t it the same as any other access permission ?

For instance is there any specific model behind blocking device location, short of just not wanting to share the info ?

I’d see not wanting an app to send anything related to your device nor that it was even opened to be of the same kind.


Stock Android is the same, but MIUI (Xiaomi skinned Android) does allow you to control which apps have internet access, and whether they can use mobile or wifi networks.


You can turn off WiFi and then revoke cellular data for a specific app. Not the same thing but still effective, especially if you are only going to use an app once.


> The whole idea of unrestricted network access is stupid.

I've been coming around to a similar idea. I'd like a setup something like this for my desktop:

1. Some devices representing network connections. One or more are "real"; others may be VPNs.

2. Per-application settings governing which network devices, if any, the application may use. Default to none.

For example, the common way to use a VPN is like this:

1. Start your machine. You're connected to the internet, but not yet to the VPN. All of your running software is already using the internet over the unprotected connection.

2. Start the VPN. It will magically do something such that applications wanting to use "the internet" find it instead of the connection they used to find (the one the VPN itself is still using). All of your running software is now using the VPN. Did you want something to use the other connection? Too bad.

I'm sick of the idea that Windows perceives an internet connection somehow, hides it from me, and automatically makes it available to everything that asks for "the internet". But I don't actually know how to do this. Someone is working really, really hard to make sure I don't affect who uses what device.


Check out https://www.qubes-os.org/

They secure and compartmentalize at the VM-level so you can setup a VM to work only over Tor or VPN, and others to work directly over your own network. You can also restrict access to hardware per VM.


You can have per-application IP routing if you run applications within individual Linux containers. E.g.:

  sudo pflask --netif=macvlan:enp4s0:net0 tmux

Then inside tmux run a VPN client and the sensitive application.
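The approach above (a container with its own macvlan interface, so that only what runs inside it can use that link) can be reproduced with plain iproute2 network namespaces. The script below is an added example, not code from the thread or from the pflask project; the parent interface name enp4s0 is taken from the comment, while the namespace name, the address and the gateway are assumed values. It needs root and iproute2 on Linux; DRY_RUN=1 prints the command plan instead of executing it.

```shell
#!/bin/sh
# Added example (not from the thread): confine one application to a network
# namespace whose only interface is a macvlan child of a chosen parent NIC.
# Anything started inside the namespace can only use that interface and the
# routes explicitly added there; it cannot "find" the host's other links.
set -eu

PARENT_IF="${PARENT_IF:-enp4s0}"      # parent NIC, name taken from the comment
NS_NAME="${NS_NAME:-appnet}"          # assumed namespace name
NS_ADDR="${NS_ADDR:-192.0.2.10/24}"   # assumed address (TEST-NET-1, constructed)
NS_GW="${NS_GW:-192.0.2.1}"           # assumed gateway on the parent NIC's LAN
DRY_RUN="${DRY_RUN:-0}"               # DRY_RUN=1 prints the plan instead of running it

# Execute a command, or print it when DRY_RUN=1 so the plan can be reviewed
# without root.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Build the namespace: one macvlan interface moved in, loopback up, an
# address, and a default route that points only at the chosen NIC's gateway.
netns_create() {
  run ip netns add "$NS_NAME"
  run ip link add "${NS_NAME}0" link "$PARENT_IF" type macvlan mode bridge
  run ip link set "${NS_NAME}0" netns "$NS_NAME"
  run ip -n "$NS_NAME" link set lo up
  run ip -n "$NS_NAME" addr add "$NS_ADDR" dev "${NS_NAME}0"
  run ip -n "$NS_NAME" link set "${NS_NAME}0" up
  run ip -n "$NS_NAME" route add default via "$NS_GW" dev "${NS_NAME}0"
}

# Run a program confined to the namespace; it sees only the macvlan interface.
netns_run() {
  run ip netns exec "$NS_NAME" "$@"
}

# Check: the routing table inside the namespace should list only our
# interface, which is the whole point of the exercise.
netns_check() {
  run ip -n "$NS_NAME" route
}

# Tear everything down; deleting the namespace also removes the macvlan link.
netns_destroy() {
  run ip netns del "$NS_NAME"
}

# Stand-alone use: `sudo sh confine.sh demo` (file name assumed).
if [ "${1:-}" = "demo" ]; then
  netns_create
  netns_check
  netns_run tmux      # start the VPN client and the sensitive app inside tmux
  netns_destroy
fi
```

Two caveats worth knowing before relying on this: only processes started through `ip netns exec` are confined, so the same program launched from a normal shell still uses the host's default route; and name resolution inside the namespace comes from /etc/netns/appnet/resolv.conf if you create one, otherwise the host's resolv.conf is used. A macvlan in bridge mode also cannot talk to the parent host's own address, which is usually what you want for an app you distrust.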


This behavior is a function of Berkeley Sockets style APIs and the nature of routing tables/default routes.


Reading your comment melts my mind as a Linux user.

You can't just set your vpn connection as the default route? What's even the point if it's not the default route?

Applications (at least on Linux) have no idea what device they are using. They just request a connection to an IP and it's the kernels job to route that request correctly.


Of course Windows can (and does usually) use a VPN as an active route. The poster just doesn't know what they are talking about.

In particular this sentence is complete nonsense:

> I'm sick of the idea that Windows perceives an internet connection somehow, hides it from me, and automatically makes it available to everything that asks for "the internet". But I don't actually know how to do this. Someone is working really, really hard to make sure I don't affect who uses what device.

As usual, MS has pretty decent documentation on this: https://docs.microsoft.com/en-us/windows-hardware/drivers/mo...

I don't particularly like the GUI-centric nature of much of it, but the complaint itself is completely ill-informed.


I had a feeling that this was just an uninformed user, thank you for clarifying.


You've described the same system I just said I didn't want. But I'm uninformed for complaining that I want something different?

> Applications (at least on Linux) have no idea what device they are using. They just request a connection to an IP and it's the kernels job to route that request correctly.

This is a bad idea. I want to connect the application to the device I think it should use. It shouldn't be able to find anything I don't tell it about.


>> Applications (at least on Linux) have no idea what device they are using. They just request a connection to an IP and it's the kernels job to route that request correctly.

> This is a bad idea. I want to connect the application to the device I think it should use. It shouldn't be able to find anything I don't tell it about.

Telling applications about resources is literally what the operating system is for. Both Linux and Windows let you do what you want.


Can't you configure this with most firewalls by restricting WAN traffic?


Installing a firewall app and checking the connection log on my Android phone really spooked me. There's a ton of traffic in the background that shouldn't be there. It's absolutely crazy that Android doesn't have a first party firewall or the ability to disable internet access permission per app, but that would impact Google's ad revenue, so of course we can't have that.


I don't know if this is a feature of Android or of the alternative ROM I'm using, but I can disable network access on a per app basis.

In my Android Pie based ROM, in Settings / Network & Internet / Data Usage / App data usage I can select any app and disable WiFi, Cellular data or both.


That must be the custom OS build. Many official builds allow you to disable cellular, though it's very time-consuming.


It depends on the OS. Huawei's EMUI has a built-in firewall which can restrict access over Wi-Fi or cellular data to certain apps.


Settings -> Apps and Notifications -> Data Usage Control


A simple approach is to just ban personal phones while at work.

You can forward your number to a work phone while you're on duty, you don't need to carry a personal device with you.


That is what all units in USSOCOM do. No personal cell phones, smart watches, etc. allowed in the office. Guests have lock boxes outside the main entrance to secure their phone.

About once a week security folks wander through the offices looking for phones with some type of detector. God help the person who brought their phone in.


A few years ago I worked at an oil refinery in Scotland; the rules were the same - no personal phones on site, and if you were found with one you'd get in deep trouble.


You may have seen people doing the two minute sprint then?

That's when you check the TOTP code on your phone, put it back on the stack of phones, and race as fast as you can back to your desk to enter the code before it expires.


Please, downvoter, tell me I'm wrong.


Good luck figuring out a sane UI for that for average mobile user.


No way. Restricted access to networks is a step back to the Bell System days. Once you open the door, it won’t close.

This is a legal and compliance issue. If you made the marketplace share liability for fraudulent apps, and had meaningful law around the ownership of electronic data, this problem would go poof.

In the US, a piece of paper in a locked drawer requires a warrant to access. Electronic data requires as little as an administrative subpoena.


How would restricted network access help? If you permit a dodgy app to talk to only one remote endpoint, it can exfiltrate whatever it wants.


Why would a flashlight app need to talk to the internet at all?

(Advertising.)


But government-issued phones have access to things personal phones don't.


I'm surprised there's even a blacklist of apps for work phones. Shouldn't there be a whitelist instead?


That is how it actually works. There is an App Store of approved apps. You have to go through a whole process to get an app approved (I've tried). What the article really means to say is that it's been removed from among the approved apps.


Since I’ve seen this asked elsewhere:

There is a legitimate usage for these kinds of apps on some devices. Armed services recruiters tend to use various social media apps to communicate with people they are trying to recruit.


Someone likely did a risk/benefit analysis and the analysis didn’t come out in favor of the benefits. It’s probably that simple.


In the case of Tiktok, I agree. I’m just arguing for the class of apps in general (social media applications) not for TikTok.


Given the intrusiveness of social media platforms, I think they would justify having hardware that’s air gapped from their military devices. That way they retain access to their audience, while maintaining security.


Yup, because it's easier to get around the parents' influence when they want to sell kids a line of BS.


I suppose the message that is sent here is: 'if you want to recruit you'll have to do it on Snapchat, YouTube, Instagram, Twitter, or Facebook instead of the one Chinese-based app'

Is that not fair?


Security researchers have a legitimate use of computer viruses. Behavioural analysis or whatever else.

Does your grandma have the same legitimate use case?


I do not quite see that as a fair or valid comparison. Recruiters are trying to target 18 year olds, and the reality is a lot of these 18 year olds (outside of the tech field) prefer to use Snapchat, Facebook, etc to communicate. They’re not using these apps to communicate classified information.


My point is that the Navy has roles other than Recruiter.


Depends, does your grandmother feel like learning about viruses? If so, why not.


Totally different risk assessment level on a threat actor gaining location information of a recruiter (or all recruiters) vs. location of special forces service members.

The recruiter should get a waiver, a use case like that isn't a good reason to default to allowing.


They can just use Facebook’s Lasso app instead


With recruiters, do you mean actual recruitment agencies[1] or in the sense of the Chinese IC recruiting foreign agents?

[1] I don't see job-recruiting being a reason to allow this app. IMO any device that is used by a public servant paid with tax-$$ should be limited to what it runs and I'd be surprised if they don't have a very strict BYOD policy for this reason. Never mind TikTok they shouldn't be running any social media apps on their phones. There are other problems with this use such as what data ends up being leaked to social media companies (regardless of where they are).


I have watched hundreds of TikTok videos. The adults featured on the videos are less than 5%.


I think it's probably more for security reasons -- i.e. they can be passing a dot map of all the Navy personnel around the world and their traveling patterns to the Chinese government.


Related (fitbit/strava leaking overseas military base layouts):

https://www.theguardian.com/world/2018/jan/28/fitness-tracki...


That level of basic location data seems almost trivial, they probably don't even need you to install anything for that. I would expect the app feeds them far more data.


It's absurd that _any_ non-sanctioned software was ever allowed on US Navy phones, let alone apps developed by a major adversary known for pervasive metadata collection. WTF kind of total and utter incompetence is this? Sounds to me like a major house cleaning is needed.


How many gov-issued phones have TikTok? Instagram? If they want to make posts on official accounts shouldn't they do it in a more secure way anyway?


This is the right thing to do, but they need to do a lot more.


It took that long? Seems like they should have all apps banned and then approve the handful they want


What sort of vetting does Microsoft do on drivers written by manufacturers that ship with Windows?


Traditionally they have done testing for WHQL certification. It may make sense for them to do analysis or reversing in order to raise the bar. Or maybe change the design of the NT kernel to isolate device drivers better.


Does that do anything to uncover backdoors? Particularly if they have all the appearance of a bug.


and then a Chinese company buys an American app that already has all the data


They already have Grindr (for now)


That sale was blocked due to security concerns, so no.


Currently Grindr is owned by Kunlun, but they have agreed to sell it by June 2020.


By now, I'd be relatively certain that all but the absolute blackest sites are mapped comprehensively with publicly available app data.


An American financial service that I had multiple accounts with was just bought by a Chinese organization. There was nothing obscure about the service nor was there publicly available data about my accounts.


I'd say buying Experian is the nightmare scenario but all that data has already leaked. So maybe buying a major US bank like Wells Fargo is the way to go if someone wants more detailed data about American spending habits. I'm sure it's why Google's Project Cache is extending their reach to banking in 2020.


It wouldn't surprise me if the military makes you strip naked, put your clothes in a microwave, then put them back on before getting on the plane to the black site. Each and every time.

Anything less than such ridiculous methods would be insecure. You can literally embed chips in the fabric of your clothing. https://www.rfidjournal.com/articles/view?11587


... Why would you not simply issue them new clothes instead of (potentially dangerously) microwaving theirs?


How do you ensure the new clothes aren't embedded with some chip placed by a spy who has access to the supply chain but not the black-site?

I'd assume they give them new clothes and microwave said new clothes, along with other precautions.


Because it's the military so everything technical is done/designed obtusely...although your idea is more in line with typical financial/resource wastefulness so it wouldn't surprise me either!


How would they sanitize the clothes they already gave them when they leave and return?


On the way in, they leave everything from outside, and on the way out, they leave everything from the inside and take what they brought in from the outside.


US Congress has the authority to block such acquisitions.


Yes, we have all seen Silicon Valley.


All of us don't watch TV series.


some of us do watch TV series.


Perhaps I should sell the U.S. Navy on my website https://www.quitfacebook.org.


Why was it ever allowed on these devices in the first place?


Why's "ban" needed?

Government should have full control over government issued devices and only whitelisted modifications should be allowed.

If it's not this way - someone at government should be held accountable for jeopardizing the security of the nation.


I'm guessing those phones are to ensure their owners have a dedicated communication channel and a platform to run non-critical tech necessary for their job.

Apps for non-sensitive emails, schedules, maps, org directories, etc.

If the government is putting sensitive military data on an Android or iOS phone, you should be concerned. A whitelist would not be a sufficient safeguard.


I think it's more an issue that non-sensitive data can still be harvested and turned into sensitive data. So for example, troop movements are sensitive. They probably wouldn't be coordinating those over unofficial channels. And normally if, say, a soldier says "I love you" to his family, that's not really sensitive. If all of a sudden, 40% of the soldiers on a base do that though, that's leaking sensitive data.


We use Citrix Secure Hub on iPhone (mail, VPN, etc.). The App Store is allowed also (Minecraft, etc.).


> A Navy spokesman said Naval and Marine personnel who use government issued smart devices are generally allowed to use popular commercial apps, including common social media apps, but from time to time specific programs that present security threats are banned. He would not give examples of apps that are allowed or those considered unsafe.


I guess that it is phrased that way in order to signal other non-government organizations that they should have a look and probably ban it as well.


Because employees feel that they deserve to use Facebook and such on their government-issued devices, and if you deny them their God-given right, you are a racist, sexist, and otherwise despicable person.


> Because employees feel that they deserve to use Facebook and such on their government issued devices

True, and contributes to the discussion by pointing out that morale is a tricky thing.

> if you deny them their God given right, you are racist, sexist, and otherwise despicable person

This is _at best_ hyperbole. It has no insights, adds nothing of intellectual interest to the conversation, and falsely equates "I'm not getting what I want" with "Accusing other people of being racist and/or sexist."

That last bit is not only way off-topic for this, but it's an ugly and false smear that drags the level of conversation into the mud.


I agree strong security protocols are necessary, but our soldiers abroad should be allowed to interact with their friends and family abroad in some capacity via social media. I think your comment is a little over the top.


Well... I guess I can understand they don't want to go around with two mobiles.


I think this is an ironic reply. I hope.


> A Navy spokesman said Naval and Marine personnel who use government issued smart devices are generally allowed to use popular commercial apps, including common social media apps, but from time to time specific programs that present security threats are banned.

Should the Navy whitelist eBay and Amazon? What about the Walmart app? If Target has one, should they then apply to get whitelisted? What about Navy personnel in other countries with their apps? What about popular app/game xyz? There are a million apps.

If all that has to be whitelisted, the bureaucratic overhead would be either really cumbersome or the value of an issued device so small that people would buy and use their own devices anyway.


Do they need those apps to carry out their duties? If not, that should remain on personal devices and left in a secure location while on duty. There have been too many incidents of apps like Strava publishing locations that it's just not worth missing something important.


This is a work phone and people should have an extra cell phone for personal uses, and when they're at a government job with sensitive information they should be using their work phone. People who don't work with sensitive information or interesting responsibilities can use whatever phone they want if they don't mind totally forfeiting their privacy.

But eBay? Amazon? Walmart? Popular apps and games? Sure, get those whitelisted. Or are we thinking about maximizing the value proposition of a work phone at a government job?


All the "apps" you mentioned should just be well designed web sites. No reason for an app.


Good point, we'll get the Navy right on that.


The point is that if you argue a soldier shouldn't have Target or Amazon on their phone, it's pointless, as they still have Safari or Chrome.


I'm not sure that's a complete argument.

If you're arguing that soldiers shouldn't do business with Target or Amazon on their mobile device, blocking an app won't get the job done, agreed.

But if the argument for blocking the app has to do with untrusted native code running on a device used for military purposes, the surface area of a browser is much smaller than the surface area of a plethora of native apps.


> the bureaucratic overhead would be either really cumbersome or the value of <insert service> so small...

Oh, I see you are already familiar with how the U.S. government operates.


I first read this as banning Twitter from all government devices and thought it was an early Christmas present for America.


Now the world will see Google & Facebook & Apple as security threats.


Don't forget MS. Took German privacy regulators until recently, more than 3 years after the release of Windows 10, to notice that the thing is phoning encrypted data home even after disabling as much of that stuff as possible.

Their final conclusion is that using Windows 10, in a data privacy-compliant way, is only possible with a "rest risk" [0]. Too bad that by now Windows 10 is not just in wide use among businesses, but also the de facto government OS, most of these installations running default settings.

Same deal with Intel's ME: The German Federal Office for Information Security, a bit like the IT department for the government, rated Intel ME's risk as high in early 2018 [1]. Yet no actual consequences besides that release; government systems are still running Windows 10 on Intel platforms.

So while a lot of the threats are known and acknowledged, nobody seems to really act on these findings.

[0] https://www.heise.de/newsticker/meldung/Datenschutzkonferenz...

[1] https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2018/...


That sounds like win-win to me because they kinda are, especially if you work somewhere that deals in highly secure data.


As they should.

Phylter 32 days ago [flagged]

They need to ban Chinese anything from US government anything.


Please don't post unsubstantive comments here, and certainly not nationalistic flamebait. We don't need yet another nationalistic flamewar.

https://news.ycombinator.com/newsguidelines.html


I'm not sure that's fair. To me GP comes over as jingoistic nationalism, but it also seems to have a substantive basis - the idea that foreign nations should be ejected at all levels from a government's internal systems?

I'd really like to ask "should other nations eject all USA companies products from their governmental systems too?" (because I'm really curious how an apparent ultra-nationalist sees that?), but you've decided we can't explore that avenue.

Sure, if things get pejorative cut it off, but conversations here tend to have a higher standard of discourse, and excluding anything that might get touchy, IMO, unnecessarily limits the topics we can [usefully!] address here.

We can't learn to understand one another if we're afraid to enter discourse on the tricky topics. Yes, there are other places, but this is special here somehow; I think we, HN, as a community can explore these ideas intelligently and maturely with perhaps a slightly lighter tiller.


A key difference between your comment here and the one 'dang is responding to is that yours is conducive to continuing such a conversation in a constructive manner and the latter is not. I find that's very important in engendering the kind of environment you're striving for. That's how I read 'dang's admonishment: it's unsubstantive and flamebait because it doesn't provide much leverage to continue a meaningful conversation and rather encourages knee-jerk, similarly unsubstantive comments (as you've noted in describing it as coming across as "jingoistic nationalism").

(I'll leave this now as continuing a meta-discussion is something these threads often need less of, and I don't have a lot to add beyond this.)


You make a good point and yes, it seems that other governments would do very well to eject U.S. products from their governments too. Both Russia and China are working on just that. China is pushing Microsoft Windows out as much as possible, even in civilian computers.

Every government is looking to angle what they can from other governments. If I were in charge of a government it would be the approach I'd take.


I understand your point, and I agree. It's impossible to audit all that software and hardware and it is not an irrational decision to completely eject an adversarial government's technology, I don't know why this guy is giving you a hard time. I certainly wouldn't blame a Chinese or Russian government policy that bans technology from the USA.


[flagged]


Please don't post nationalistic flamebait to HN. It leads to flamewars, which we're trying to avoid here.

https://news.ycombinator.com/newsguidelines.html


Trying to keep the social harmony to benefit the 1% like Mr Paul Graham?


Trying to keep this place interesting to benefit the community. HN's mandate is to serve the curious. Rage has important functions, but that is not one.

I've posted countless comments explaining this from many angles. If you're interested, there's lots of opportunity to learn what this site is for and why we moderate it the way we do. Here's a recent one: https://news.ycombinator.com/item?id=21832654.

Lots more in places like this:

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


Because the U.S. tends toward having a free market?


I am genuinely curious here: when one player has a free market and the other does not, how do you think that will work out? Do you believe that America can remain dominant while its companies get 85% access to the world population and Chinese companies get 100% access? I honestly don't understand this attitude. Yes, free markets are great as long as your counterparties are free market economies also, but China has been proven to be anything but.


[flagged]


> China is ruled by a Communist party and they subscribe to communism

That's just outright incorrect.

https://www.wikiwand.com/en/Socialist_market_economy#/Market...


State Capitalism where they can take part or most of your wealth away at any time may be much closer to State communism.


What is incorrect about my statement? In case you don’t know or want to be reminded, the name of the ruling party in China is called ‘China Communist Party’.


Yes, I realize this, and my belief is that America needs to decouple from China and bring the total net trade between the two down by 70-80%, leaving rare earths, agriculture, and some manufacturing left in the balance of trade. When two systems are so far off of each other, there cannot be fair agreement between the two. As a result the only three options are containment, playing by communist rules, or walking away. In my mind oppression and state communism are not ethical, and so the only option is to walk away.


Capitalism is unethical. No economic system is perfect. Ironically, when the rich in the US are in financial trouble, they force government to be communist. Like in 2008 recession, companies were bailed out using taxpayers’ money. I am not denying that US has to do everything in their power to bring the deficit down, but they must stop pretending to be a free market while doing the exact opposite of a free market. Protectionism is only expected from communist countries, not countries that market themselves as free markets.


An eye for an eye leaves everyone blind.


When our aircraft carrier is under attack, you won't say that again.


[flagged]


Denying apps from an adversarial country on military personnel phones is not "Sino bashing". I wouldn't see it as American bashing if the Chinese government did similar. I'd just shrug and say "that makes sense".


Just what the Navy needs, more hyper bureaucracy for some weak attempt at security.


Hyper bureaucracy? It's a whitelist for trusted apps on a government device.


One-off bans make more sense; a whole unit set up to pre-approve millions of potential apps is crazy-town.

Then they use Google Chrome and hit a phishing-hole site and get their phone owned. But don't worry, they weren't allowed to install Netflix!

The problem here is open-source intelligence because TikTok is very popular among young members who spend all their free time in their bunk on their phone. Limiting the apps might help with that, but I'm highly skeptical. There's already plenty of restrictions on social media use for armed-forces members. I believe that path is the way to go - create restrictions on posting personal information.

Having some paper pusher unit pre-approving millions of potential apps sounds like a giant waste of time. It makes a lot more sense to react to bad stuff (like one-off reactions for a massively popular video sharing app with sketchy Chinese ownership) than pre-emptively ban everything, simply because it won't do much for security beyond what Apple and Google are already doing in the app store.


So because it adds a layer of security rather than 100% watertight perfection, it is bad?


Explain to me how it's useful for security. Because I can guarantee you it will be a giant time-and-money waster with plenty of arbitrary rules that do nothing for security.

There are millions of apps and tons come out every year. This nation-wide 'unit' will have to be constantly 'measuring them for security'. This isn't going to accomplish much of anything.

Either have a secure phone with pre-installed apps (i.e., just a browser plus encrypted phone/messenger, military mapping tools, etc.) and let them install nothing (which means they'll just use their private phone anyway for the OPSEC-fail stuff). Or let them do whatever and selectively ban the ones like TikTok which have massive surveillance potential just based on their popularity alone. This one-off, watch-for-bad-stuff-and-react approach makes far more sense to me.


You are right, there are millions of apps and nobody would be able to manually review them all.

The question then becomes, which error state is more acceptable for the organization? A system that occasionally misses malicious apps? Or a system that occasionally blocks a non-malicious app?


It's a device issued by your employer.

It doesn't matter if it's a laptop or a phone, you should only be using it for work.

Technology is much cheaper than it was 20 years ago. If you're not willing to purchase your own phone or laptop to do what you personally want to do with a device, you're likely not good at budgeting or decision making.


I'm not sure why they would evaluate any apps other than the ones they want to consider allowing people to install. It certainly does sound wasteful to evaluate something no one wants.


They have identified TikTok as a threat, and so they have removed that threat.


Yes and I'm advocating to continue taking that one-off approach instead of making some "ministry of apps" in the Navy to pre-approve every one of them.


They are not going to evaluate every single app to see if it should be white-listed. I expect they have a short list under consideration.


> One-off bans make more sense; a whole unit set up to pre-approve millions of potential apps is crazy-town.

The meta[1] is more real than most probably realize.

[1] https://www.doncio.navy.mil/TagResults.aspx?ID=22


This is silly. Do they allow any other social networking apps at all on government-issued phones?

edit: TikTok makes sense for recruiting, and apparently it is currently used in the UK.


It would be hilariously tragic if a major government official used Twitter for communication.


I think they all do now. You have to engage with people where the people are.


I think it was a Trump joke.


I know that was the intent, but the reality is that eschewing Twitter gains a politician nothing, and costs them an audience.


> apparently it is currently used in the UK

There are various stories (the Daily Mail, Reuters, Times, please take your pick) that report that the Army is 'playing with' TikTok to see if it works in recruitment. Those same reports say it is being used by 'The Guards Division'.

The British Army doesn't have a 'Guards Division' [0].

[0] https://www.army.mod.uk/who-we-are/formations-divisions-brig...



You obviously didn't read the article.

> ... Naval and Marine personnel who use government issued smart devices are generally allowed to use popular commercial apps, including common social media apps ...


Not surprising. For several days now TikTok has left the information of 700 million of their users available via an open S3 bucket. It is online now at this very moment and includes IDFAs from Apple as well as, interestingly (although I bet American companies do this too), the MAC addresses. This is significant because my understanding is that Apple rotates / randomizes the MAC address, because those can be used to, quite effectively, track individuals anywhere in the world (I would say it is often better than GPS at this point, especially indoors). Storage is cheap so maybe everyone stores them these days, or perhaps someone has found how to guess the rotation pattern (completely unproven theory that is likely wrong, but the only thing I can think of).

The coverage that Skyhook claims to have, for instance, is extraordinary considering this is totally reliant on Wi-Fi access points and cell towers: https://www.skyhook.com/Coverage-Map
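Added example, not from this thread or from any company named in it: given a dataset of device records like the one the comment describes (advertising ID plus MAC), it classifies each stored MAC as a burned-in hardware address (the durable identifier that enables cross-network tracking) or an OS-randomized one, using the locally-administered bit, and flags hardware MACs that link more than one record. The records are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample records (made-up values, not from any real dataset).
SAMPLE_RECORDS = [
    {"idfa": "IDFA-0001", "mac": "00:1a:2b:3c:4d:5e"},  # burned-in hardware address
    {"idfa": "IDFA-0002", "mac": "da:8f:11:22:33:44"},  # 0xda has the 0x02 bit set
    {"idfa": "IDFA-0003", "mac": "6e-4f-00-11-22-33"},  # dash notation, 0x6e & 0x02 set
    {"idfa": "IDFA-0004", "mac": "001a.2b3c.4d5e"},     # dotted notation, same hw MAC as 0001
    {"idfa": "IDFA-0005", "mac": "01:00:5e:00:00:fb"},  # multicast, never identifies a device
    {"idfa": "IDFA-0006", "mac": "not-a-mac"},          # garbage, must be counted as invalid
]

def parse_mac(mac: str) -> bytes:
    """Normalise colon, dash or dotted notation to 6 raw bytes; ValueError otherwise."""
    if not re.fullmatch(r"[0-9A-Fa-f:.\-]+", mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)

def classify(mac: str) -> str:
    """multicast: I/G bit (0x01) set, a group address.
    randomized: U/L bit (0x02) set, i.e. locally administered, as in OS-generated per-network MACs.
    hardware: neither bit set, a globally unique (OUI-based) address that follows the device."""
    first = parse_mac(mac)[0]
    if first & 0x01:
        return "multicast"
    if first & 0x02:
        return "randomized"
    return "hardware"

def normalize(mac: str) -> str:
    """Canonical lower-case colon form so the same address in different notations compares equal."""
    return parse_mac(mac).hex(":")

def audit(records) -> dict:
    """Count record classes and list hardware MACs shared by more than one record:
    those are the durable identifiers that let separate records be linked to one device."""
    counts = Counter()
    seen = {}
    for rec in records:
        try:
            kind = classify(rec["mac"])
        except ValueError:
            counts["invalid"] += 1
            continue
        counts[kind] += 1
        if kind == "hardware":
            seen.setdefault(normalize(rec["mac"]), []).append(rec["idfa"])
    linked = {m: ids for m, ids in seen.items() if len(ids) > 1}
    return {"counts": dict(counts), "linked_hardware_macs": linked}
```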


Source? Also, will you post a source for your claim that ProtonMail is compromised? (I remember your username from a thread a few weeks ago)


Can you email me? I will respond very quickly. Sorry about the extra step. I will ping you the IPv4 address. That’s the best way to access.


Compromised and front company are different things I want to emphasize. ProtonMail hasn’t been hacked, it is a deceptive (and smart) company. So again want to make that distinction. For instance, https://joesdatacenter.com and https://datacenterwest.com are front companies. On the other hand, Facebook is just a kind of sad company that has been compromised obviously many times but isn’t a front company and I very much believe Mark Zuckerberg established it with the best of intentions.

Well, I posted Part 1 of the Credit Karma stuff; please look at https://blog.12security.com


Can you explain or cite sources for how Joe's is a front company?


A quick Google search didn’t reveal anything. Source?


What is the link to the open S3 bucket?


Source needed. I wasn't able to find anything on this by googling.


Email me. Look at my profile for address.



