Federal department bans on using TikTok on Australian government-issued phones are sensible but should also apply to other social media apps, experts say.
A growing number of Australian government agencies have begun banning the popular ByteDance app, amid security concerns over the company’s ties to China and which data might be accessible to the Chinese government about TikTok’s users.
The Canberra Times reported that almost half of the nearly 140 federal government agencies canvassed had banned the app on government-owned devices.
While most of the focus from the opposition has been on TikTok alone, the Department of Home Affairs is undertaking a review at the request of the home affairs minister, Clare O’Neil, of the security risks of all social media platforms and the correct government settings. The report is due to be submitted in the first quarter of this year.
Experts say TikTok should not be the sole focus of bans from work devices.
“I don’t think it’s as simple as TikTok – bad; American companies – good,” said Prof Vanessa Teague, a cybersecurity researcher at the Australian National University. “I think they’re all bad.”
Teague said while Apple and Google now give users increasing powers to limit which information they provide to social media apps – such as location and contact information – the apps can and do still collect a wide array of information on users.
“It’s all well and good to turn off location permission, but if you then upload a photo or a video that has your GPS coordinates … then you told them where you are, so it’s better but it doesn’t completely solve the problem.”
Dr Abu Barkat Ullah, a cyber security associate professor at the University of Canberra, also warned of the risks of all apps. He said that while limiting which apps can be installed on work devices makes sense, people will still be providing a lot of information through their own personal devices.
“We need to be very much careful about the personal devices, what data we are exposing to outsiders,” he said.
A TikTok spokesperson told Guardian Australia on Monday the company was “not unique in how we operate”.
“Some of the best-known and trusted Australian companies, including banks and telcos, openly state in their privacy policies that they share Australian user information with employees and third parties around the world, including China,” the spokesperson said.
“These organisations often collect sensitive data like financial information, medical records, legal information and more. The TikTok app collects less data than many popular mobile apps.”
The spokesperson added that the company would “continue to be diligent in ensuring we meet, or exceed, the data security standards applied to companies that operate in Australia”.
In a submission in February to a Senate inquiry on foreign influence through social media, the company’s director of public policy in Australia and New Zealand, Ella Woods-Joyce, said the company should not be a political football.
“We are proud of our heritage and it’s important to note that we operate no differently to other global companies and claims to the contrary are unsubstantiated by evidence,” she said.
O’Neil has ruled out a wider ban on the app.
“TikTok is one of the most widely used apps in Australia, much beloved by Australia’s young people in particular. It’s not currently on the table,” she told the ABC in February.
The Liberal, Labor and Greens parties, as well as Pauline Hanson and Bob Katter, are all active on the app. One of the most prominent federal MPs on the app, Labor’s Julian Hill, has said he does not use the app on his government-issued phone.
Teague and Ullah said the focus should be on educating Australians about privacy beyond TikTok, not just whether one app should be banned.
“Sometimes I say are we driving without seatbelts because everybody is using without knowing the challenges that lie behind [it],” Ullah said.
“I don’t actually think they’re really solving the problem, unless they’re solving the problem of Australians’ privacy and security, which would mean strong privacy laws, better education, encouragement of end-to-end encryption and an end to this nonsense that encryption is only for paedophiles,” Teague said.
“They actually have to change their whole direction and start encouraging people to use technologies that secure our data.”