Defense Department employees are downloading mobile applications to their work telephones that pose "operational and cybersecurity risks,” the department’s inspector general said in a report that stemmed from concern about the Chinese-owned video service TikTok and other messaging apps.

Employees are conducting official business on their work devices "using mobile applications in violation of Federal and DoD electronic messaging and records retention policies,” the inspector general’s management advisory said. The activities ranged from online dating to games, cryptocurrency reviews and scouting for luxury yachts, according to the "management advisory” released Thursday.

Pentagon agencies "lacked controls over personal use of DoD mobile devices to ensure that personal use was limited, complied with DoD policies and regulations, and did not pose operational and cybersecurity threats to the DoD,” the watchdog agency said. The report said the Defense Department provides off-the-shelf mobile phones and cell service to "select” department personnel to conduct official business but doesn’t say how many employees qualify.

The unauthorised applications "included photo and video editing, telehealth, weather, maps, and fitness applications,” the inspector general said. "In addition, some of the unauthorised unmanaged applications that users downloaded to DoD devices had known cybersecurity risks, operational security risks, potentially inappropriate content, or represent unacceptable use of DoD mobile devices.”

The report was the result of an investigation that stemmed from questions by Senate Judiciary Chairman Dick Durbin last year about texts that may have been deleted by departing Trump administration defence officials concerning the Jan 6, 2021, attack on the US Capitol.

"Today’s report raises more questions than it answers,” Durbin, an Illinois Democrat, said in a statement Thursday. "Was the disappearance of critical information related to the Jan 6 insurrection a result of bad faith, stunning incompetence, or outdated records management policies? We still do not know. But this report illustrates the key vulnerabilities and failures that the Defense Department needs to immediately address.”

TikTok concerns

The management advisory didn’t mention any apps by name. But the Pentagon and military services have expressed worries about TikTok, banning the Chinese-owned short video app from installation on government-issued smartphones in late 2019.

Still, two of the applications the inspector general discovered "were from a Chinese commercial off-the-shelf drone manufacturer that allow users to fly drones and capture edit, and share images.” These were after the Pentagon disclosed in 2021 that the Defense Department had issued a ban in 2018 on the purchase and use of all commercial off-the-shelf drones, regardless of manufacturer, due to cybersecurity concerns.

Even seemingly harmless commercial applications pose a threat to Defense Department "information and information systems when they require unnecessarily invasive permissions on DoD mobile devices,” the inspector general’s office found. Video games, shopping and weather applications "routinely require access to a device’s contact list, messaging platforms, location data, or other personal information, and often lack sufficient security or encryption standards.”

The report contained a number of instances in which key details were blacked out after the Pentagon declared the information "Controlled Unclassified Information.” These included the number of devices examined and number of times various unauthorised, unmanaged applications were installed.

 - Bloomberg