By Office of the Chief Information Officer/G-6January 15, 2020
TikTok is a popular short video application (app), owned by Chinese company ByteDance, that poses a potential national security risk through its ability to collect personal information from a user's mobile device.
In January 2017, the Army Chief Information Officer/G-6 published a policy memorandum entitled Mobile Application Authorization Process for Vetting and Analyzing Mobile Applications. This memo notified users of Government Furnished Equipment (GFE), including common mobile devices like iPhones and Androids, that only apps available through the Department of Defense Mobility Unclassified Capability (DMUC) Mobile Application Store (MAS) or the TRADOC Applications Gateway (TAG) are approved for downloading onto GFE.
While some commercial apps have been approved for use on government furnished mobile devices and made available through the above sites, the TikTok app has never been authorized for use on GFE. Further, no efforts are underway to approve TikTok for use. All instances of TikTok on GFE must be removed immediately.
Commercial application vendors can seek approval for their app's usage by starting the National Information Assurance Partnership (NIAP) evaluation process at any time. Testing is conducted by approved commercial testing labs that are accredited by both the National Institute of Standards and Technology (NIST) and the NIAP. The NIAP evaluation process takes approximately three to six months. Only apps whose risk of use on the Department of Defense Information Network (DoDIN) is deemed acceptable will be issued a validation report.
When a validation report is issued, the application may be added to the compliant or approved products list and be made available for download via the DMUC MAS and TAG. All mobile apps available on these sites have been vetted and approved by the proper authorities, the Mobility Program Management Office (PMO) of the Defense Information Systems Agency (DISA,) and the Program Manager (PM) of Army Mobility at Training and Doctrine Command (TRADOC).
Commercial applications available through the Apple Store or Google Play that are not available through the DMUC MAS or TAG are prohibited from being downloaded and utilized on GFE devices.