The government has banned the installation and use of recreational applications on business phones of 2,5 million state civil servants. What data security risks do these apps pose? ? Response with Eset France.
After the European Commission and then the European Parliament which had taken, last February, the decision to ban apps such as TikTok on business phones, it is now the French Ministry of Civil Service which has announced, March 24, a similar ban. So-called “recreational” applications such as TikTok, but also Netflix and Candy Crush, are now prohibited on the professional telephones of French civil servants. These applications pose “cybersecurity and data protection risks”, said the Ministry of Public Service. If doubts already hovered around the security of TikTok data, this is the first time that a state has banned or restricted the use of all recreational applications, regardless of their origin.
A justified measure of caution
Benoît Grunemwald, cybersecurity expert at Eset France, justifies this decision : “When an application is installed on a smartphone, it requests a certain number of authorizations. Storage access authorization, to the photos, to geolocation, to contacts or even messages. If most of its requests are legitimate and used for the functioning of the applications, they allow third parties to have a view of our uses and our data. Our research into mobile cyberthreats and cyberespionage shows how common app hijacking is. If financial ROI is the primary objective of recreational applications, data leaks and spying can occur. So, in order to limit the risk, it is prudent to dissociate private uses from personal uses. »
