Cancelling TikTok in Australia "should be on the table" amid new revelations the app is capturing every keystroke you make on their in-app browser - including potentially passwords and credit card details, opposition cyber security and countering foreign interference spokesman James Paterson said.

Paterson, who is a Liberal Senator and member of the Parliamentary Joint Committee on Intelligence and Security (which examines the nation’s counter-terrorism, law enforcement and foreign interference legislation) told The Oz on Friday that if the government can't resolve its cyber security concerns regarding social media platforms such as TikTok with other measures, a ban should be an option. 

"If the government can’t solve it (national security concerns regarding social media platforms) any other way, then a ban should be on the table," he said. "I think the geopolitical environment which we are in puts an extra impetus on addressing this now- we don’t want to wake up in a conflict scenario and think we need to protect our cyber security. If god forbid the worst happens we need to be sure we're in a secure cybersecurity position."

Director of Cyber Intelligence at CyberCX Katherine Mansted previously told The Oz the Chinese Communist Party, which has "an insatiable appetite for personal information of Australian citizens," could use Tiktok users' data to manipulate public opinion or map out the Australian sentiment on a given topic.

Privacy tips: Change these settings on TikTok right now

What can TikTok access?

Felix Krause, a security researcher previously employed by Google, this week released a ground-breaking report proving TikTok can extract “granular” personal data from users’ keystrokes.

When users enter a website through a link in the app (ie. the in-app browser), TikTok inserts code which can monitor an individual’s activity on external websites. This can include monitoring users’ passwords, credit card information or other highly-sensitive details.

“This was an active choice the company made,” Krause, who is based in Vienna, said. “This is a non-trivial engineering task. This does not happen by mistake or randomly.”

A spokeswoman for TikTok said the researcher’s report was incorrect and misleading. 

“Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring,” she said.  

University of Sydney professor of business systems information Uri Gal told The Oz the reports are “highly concerning” and cause for a “serious conversation” about TikTok’s future in Australia.

“A lot can be extracted from the granular data they can access, and that’s very concerning,” he said. “Of course, there are corporations like Google and Fb who are guilty of the same offences, but their interests are commercial."

"With Tiktok there’s an added level of espionage and national security that doesn’t exist with US organisations.”

Gal said it was “very reasonable” to assume there are “quite substantial interdependencies between TikTok’s parent company ByteDance and the CCP, and by extension TikTok and the CCP.”

TikTok has about 2.5m Australian users, about 30% of whom are under 15. Gal said the young nature of the audience made the privacy breach more concerning because “they’re really vulnerable people.”

“We know our government is capable of taking radical measures when a big threat arises. For example, we don’t use Huawei in Australia anymore,” he said. “The removal of the app needs to be considered. It’s not unprecedented.”

It’s not the first time major world leaders have called for the Chinese-owned app to be blocked from use. US Federal Communications Commission leader Brendan Carr in June called on Apple and Google to remove TikTok from their app stores over China-related data security concerns.

“TikTok is not what it appears to be on the surface. It is not just an app for sharing funny videos or memes. That’s the sheep’s clothing,” he wrote in a letter addressed to the CEOs of the tech behemoths.

Will the government make a move?

Paterson's security committee colleague and incoming chair, Peter Khalil, told The Oz a fine balance needed to be struck between personal choice and government interventions. 

"My views are the government actually has to commit to protecting Australians' personal information - that’s about strengthening privacy laws - and also about education so they can better understand how data is being used so they can make their own decisions," he said.

"Ultimately it's about balance so that individuals have enough confidence and then also it's part government. Reforming privacy laws are important so they're fit for purpose in a digital age and actually responsive to the different ways that Australia interact with each other and around the world."

A spokesman for Home Affairs Minister Clare O'Neil said Australians need to be mindful of the fact they are sharing a lot of detailed information about themselves with apps that are not properly protecting that information.

"The government strongly recommends that all Australians ensure they are well informed about how their data can be used online and the steps they can take to understand their online presence and protect their privacy," he said. 

More related stories

News

What led to the ASX Wolf’s downfall

He was found to have breached financial advice laws in a precedent-setting court case against social media "finfluencers".

Read more

Internet

Relocating to Mars easy compared to running Twitter

Tech tycoon’s quixotic spell in charge of the social media site has shown both its many flaws and how hard they are to fix, says Hugo Rifkind.

Read more