ICE Employees Downloaded Banned Apps on Government DevicesNew Report Identifies ‘Risky’ Unauthorized Apps That Pose National Security Risks
A federal watchdog found U.S. Immigration and Customs Enforcement employees had downloaded "risky user-installed mobile applications" onto government devices despite the devices being banned from federal information systems for posing national security risks.
The Department of Homeland Security inspector general published a report Monday identifying thousands of banned mobile apps on government devices carried by ICE employees and contractors. Auditors also found third-party file-sharing tools, outdated messaging platforms and virtual private networks.
The user-installed apps pose "advanced and persistent" cybersecurity threats, according to the report, which is partially redacted to hide the name of the apps. One banned app spotted by auditors obtains device location and other critical data such as photos and contacts - information that could be shared with an unnamed government.
The report does not directly name short-form video social media app TikTok as one of the unauthorized applications identified on ICE devices. The White House in February gave federal agencies 30 days to insure the removal from government devices of TikTok and any other app also developed by China-based parent company ByteDance.
U.S. officials have long warned that TikTok poses national security concerns, telling lawmakers that the app can be used by the Chinese government to channel disinformation and harvest users' data (see: TikTok Says US Threatens Ban Unless Chinese Owners Divest).
The report criticizes ICE's "outdated and overly permissive personal use policy" for government devices, which it said "enables nearly unlimited personal use of ICE-issued mobile devices." The inspector general found that ICE failed to adequately manage and monitor most user-installed applications on employee phones for potential security impacts.
ICE isn't the only government entity struggling to provide oversight and enforce regulations banning the use of apps on federal devices. The Department of Defense inspector general earlier this year found that Pentagon employees had violated policy by installing dating apps and mobile games on government devices.
The DHS inspector general recommended the immediate removal of risky and unnecessary apps and implemented new assessments to reduce the risk of user-installed apps on ICE devices. The report also called on DHS' chief information security officer to review whether similar issues exist on other Homeland Security agencies and to take immediate action as needed.
In response to the report, ICE said it has already begun to block and disable the use of banned apps and is removing vulnerable and outdated messaging platforms and disabling the use of VPN applications. The agency said it was expanding its use of CISA's mobile application vetting program and updating its personal use policy for government devices, which was published in 2014.