Guidance

Social media apps and cyber security risk: discussion points for decision makers

Social media applications, like all software, can pose security risks. Using social media apps is different to accessing social media over the web, as the apps are downloaded onto your devices. These apps require a wide range of permissions that can be misused to monitor and record your staff, and to steal agency information including contact lists, emails and documents stored on the device.

PUBLISHED DATE: 23 October 2025

The main security risks from social media apps concern third-party access to information that is on the devices associated with the social media account and application. Some of these security risks can be controlled, depending on the technology you have available. Other risks will need to be accepted if you want to permit staff to use social media on agency devices.

Because it can be difficult to modify an app’s permissions, if you want to allow social media apps on mobile devices you will need to focus on how you can control the device, and access to official information stored on it, rather than attempting to control the social media app itself.

Your organisation should make carefully considered decisions about who can install social media apps on work devices, for what purpose, and how you can reduce the associated risks. To help you make these decisions, we recommend you talk to your Chief Information Security Officer (CISO).

Questions to ask your CISO about social media app risks

  • Are our staff able to install social media apps on work phones and devices?
  • Do any of our staff have a genuine business need to use social media apps on work devices?
  • Could accessing social media through a web browser (rather than mobile app) meet the business needs?
  • What other apps and organisational information do our staff have access to on the same devices that social media apps would be installed on? Does that increase risks?
  • Does our security policy or social media use policy provide guidance for when and where to use (or refrain from using) social media apps?
  • What technical controls do we have available to reduce risks?
