Use of TikTok at UBC

Use of TikTok at UBC

Recommendations & Guidelines

Encouraging safe use of TikTok

Use your web browser to access TikTok

The Government of Canada has implemented a ban on the use of TikTok on government-issued devices, and provincial governments have followed suit. At this time, UBC is monitoring the situation closely and updates will be provided as required. We encourage you to be cautious by uninstalling the TikTok app from your devices and using your web browser to access content instead.

We also recommend that you evaluate your activities on all of your social media accounts, including updating your privacy settings and limiting the amount of personal information that you share.

TikTok is a popular social media platform with a focus on short-form video content. The app allows users to view and share videos, with suggested content determined by TikTok's algorithms.

TikTok is UBC's fastest-growing social media platform used by many UBC students, staff, and faculty for entertainment, education, research, outreach, and recruitment purposes. However, it has also raised security and privacy concerns due to its data collection practices and sharing of data with its parent company ByteDance, based in China.


Protecting your social media accounts and personal information

Safety precautions checklist

  • Access your account through your web browser, versus downloading the app
  • Update your privacy settings to control what information is collected and shared.
  • Limit the personal information you share including birthdate, address, and phone number.
  • Do not click on suspicious messages or links, even if they appear to be posted by someone you know.
  • If you get a "Friend Request" from someone you think you are already friends with then think, don't click.
    • Check your account for that friend
    • If you are still connected to that friend then you can assume that the new request is a scam
    • Report the scam and notify your friend that someone is impersonating them
  • Flag any posts or messages that appear to be scams.
  • Use unique and complex passwords for your accounts.
    • Using a password generator can help you create strong passwords and will securely store them for you so you don't have to remember them on your own.
  • Do not log in to your account while using public Wi-Fi
  • Enable multi-factor authentication

The risk considerations of TikTok

The TikTok mobile app is reported to collect data not only while using the mobile app, but on all activities across the device while the mobile app is installed, even if not in use. Of particular concern from a security perspective is the reference in TikTok's Terms of Service that the app may capture all keystroke patterns used on the device which would allow usernames and passwords to be exposed.

It is also believed that TikTok collects information about the use of the mobile device beyond the use of the TikTok application based on its Privacy Policy.

This data collection is similar to other social media platforms that collect a significant amount of data, however, some aspects identified in TikTok's Privacy Policy, such as keystroke logging, are unique to TikTok and pose a significant security risk. Additionally, there is concern that TikTok is sharing all of the data that it collects with its parent company ByteDance with the risk that it in turn could provide this data to China's government under its national security law. This could pose risks to UBC's broader systems and the personal data of its community, in addition to intellectual property rights, academic freedom, and reputation. In 2022 TikTok confirmed that employees in China have access to data, even if stored outside Canada.

By installing software such as social media apps on your mobile devices, you give these companies permission to access your phone's data including photos, videos, contact lists, and location information. Sometimes you can explicitly deny these permissions, but in order to use these apps to their fullest, you may not be given that option.

  • Here are some risks that could impact you:
    • Identity theft. Many people consider their personal social media presence to be private. However, attackers can use personal information shared on these apps to impersonate you and access confidential data, such as bank account information. This is a powerful tool for those looking to commit financial fraud.
    • Privacy concerns. Depending on your privacy settings, personal information and communications posted on social media can be accessed by unintended readers or recipients.
    • Data leakage. The apps you install may contain spyware, resulting in the leakage of your important information, including credit card numbers, personal photos, or stored passwords.
    • Information sharing.Apps may collect your personal information in the background, such as where you shop, what you search for, and your travel patterns, and then share it with marketing firms or other agencies without your knowledge.

How apps installed on work devices impact UBC

Since most of these apps, especially those on personal devices, are not vetted by UBC's privacy and information security teams, they may contain vulnerabilities that could be exploited and result in security incidents.

Due to the data collection and sharing policies of these apps, the University's confidential information is at risk of exposure to unauthorized users, which may result in reputational and privacy impacts to you and the UBC community.

These applications may be an entry point for social-engineering attacks such as phishing and ransomware, which may put the University, its community members, and their data at risk.

UBC Privacy & Information Security

UBC's privacy and information security teams believe that TikTok does pose a risk to UBC's systems and its stakeholders based on the implied activity in the Privacy Policy. UBC's Privacy Impact Assessment (PIA) process recently evaluated the use of certain TikTok direct marketing features and determined they were not compliant with British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) due to the sharing of personal information with TikTok without the required contractual protections on TikTok's use of the data. This Automatic Matching service is effectively already banned at UBC. However, UBC has not conducted a PIA on UBC's use of the TikTok platform for other direct marketing services; nor has it performed a security review of the app.


Stay informed

While we recognize the security and privacy risks of using TikTok, the nature of these risks has not yet been proven and has not changed overnight. While the federal and provincial bans have shone a spotlight on the issue, at this time UBC is not considering a ban on TikTok use on university-owned devices, however, the situation will continue to be monitored closely.

As this is a dynamic issue, we encourage you to bookmark this page for further updates. We also recommend that you use this information as an opportunity to evaluate your activities on all of your social media accounts, including TikTok.