And, in some cases, the data theft might have “already happened”.

The warning comes after India outlawed 59 mostly Chinese apps, ranging from social media to selfie apps, and both Australian and US officials raised the prospect of banning Chinese creation TikTok to limit risks to users.

But experts have stopped short of recommending a “blanket ban” on Chinese apps in Australia, instead pushing for laws to limit data collection and a nationwide campaign to highlight risks to unwitting users and parents.

Concerns over Chinese apps came after Prime Minister Scott Morrison warned of growing cyber attacks on Australians by a “sophisticated foreign actor,” and Labor Senator Jenny McAllister, chair of the Senate’s social media foreign interference inquiry, warned of “credible reports that TikTok takes more data than its users would expect”.

TikTok Australian general manager Lee Hunter dismissed the claims, saying Chinese owner ByteDance “does not share information on our users in Australia with any foreign government”.

But Edith Cowan University associate professor Paul Haskell-Dowland said the risk that apps were harvesting Australians’ private information for foreign countries was high, and the data collected could go far beyond names and email addresses.

“When you have a well-funded government with a keen interest in surveillance, there is the motivation to do this,” he said.

“There’s no secret about China’s willingness to use their power. It’s a distinct possibility that these apps could be used (to spy) and I wouldn’t be surprised if it had already happened. The companies concerned simply couldn’t talk about it.”

TikTok, for example, currently requests access to a user’s phone number, email address, and contacts, location, camera, microphone and files on their smartphone.

But Mr Haskell-Dowland said video platforms could also provide a foreign government with facial recognition data, the ability to track an individual’s movements, and extract private information from seemingly safe video clips.

“Users need to think about what they’re filming, what is the in the background,” he said. “There are algorithms that can mine a video to identify personal items within it, like a house number or a fridge with notes pinned to it.”

Check Point cyber security evangelist Ashwin Ram said mobile apps were increasingly being used in well-funded, “state-sponsored” cyber attacks as smartphones were “low-hanging fruit for cyber attackers”.

A malicious dating app was used to target defence personnel by foreign spies, he said, while another specially designed app was updated to let attackers listen through a phone’s microphone, he said.

Mr Ram said Check Point had also recently identified security flaws in the TikTok app, which it had outlined to the company for patching, and discovered another 16 malicious apps designed to exploit fear over coronavirus.

UNSW Canberra Cyber director Nigel Phair said Australians needed a national campaign to highlight what data apps were collecting from users, how it was being used, and how to limit their risk in order to avoid “sleepwalking into a bad situation”.

And Swinburne University social media senior lecturer Dr Belinda Barnet said new laws to limit data collection from Australian users could help protect them from attacks in a way blanket bans could not.

“If you were serious about cracking down on data privacy you’d be legislating in a way that affects all apps and protects users’ data,” she said. “There are behaviours you could crack down on.”

Sydney business owner Maria Vlezko, whose nine-year-old daughter Anastasia runs a TikTok account for her guinea pig GenGen, said she was unaware of new security concerns raised about the platform, but would closely supervise activity on her account.

“As a parent, you have to supervise in any way you can,” she said. “You need to check the account, see the comments, see the direct messages, you always need to keep checking.”

Originally published as Australians could be ‘sleepwalking’ into Chinese app trap via TikTok