The hidden risks we scroll past: the problem with TikTok—and RedNote

What if the most popular apps on our phones were quietly undermining national security? Australians often focus on visible threats, but the digital realm poses less obvious yet equally significant dangers. Yet, when it comes to the digital landscape, a blind spot remains: the hidden risks posed by platforms such as TikTok and RedNote (Xiaohongshu). These apps are more than just harmless entertainment; they’re tools in a global battle for data and influence. And we, as a society, remain largely unaware.

TikTok, RedNote and similar platforms have embedded themselves deeply into daily life. Their algorithms delight us with engaging content, fostering a sense of connection and entertainment. But this convenience comes at a cost. Few stop to question what’s behind these apps: who owns them, where our data goes, what it might say about us, and how it might be used. In fact, these platforms, owned by companies who must obey authoritarian governments, present profound risks to our privacy and national security.

Digital risks are invisible and complex and, for most, our understanding is limited. While most Australians grasp the tangible dangers of terrorism or cyberattacks, the concept of apps and data collection being weaponised for disinformation and influence campaigns feels abstract. This gap in understanding is compounded by the prioritisation of convenience over caution. Governments and experts have sounded alarms, conducted enquiries and in extreme cases implemented total bans—as seen with TikTok in the US—but their warnings often fail to resonate amid the noise of daily life. As a result, we remain unprepared for the evolving tactics of malign actors who exploit these vulnerabilities.

Platforms such as TikTok and RedNote collect vast amounts of user data—from location and device details to browsing habits. In the wrong hands, this data can be used to map social networks, identify vulnerabilities or inform targeted disinformation campaigns. Algorithms don’t just show users what they like; they also shape what users believe. Through curated content, adversaries can subtly influence societal narratives, amplify divisions or undermine trust in democratic institutions. Beyond individual users, these platforms could act as backdoors into sensitive areas, through officials’ use of them (despite rules against it) or business executives sharing trade secrets on them.

Australia must address the vulnerabilities on these apps, particularly as the nation strengthens partnerships under such initiatives as AUKUS. Demonstrating robust digital hygiene and security practices will be essential to maintaining credibility and trust among allies.

The enactment of the Protecting Americans from Foreign Adversary Controlled Applications Act has prompted an exodus of users from TikTok, driving them to seek alternative platforms—though Donald Trump has given the app’s owner some indication of a reprieve.

Many TikTok users have turned to RedNote, which has rapidly gained traction as a replacement. Unlike TikTok, which operates a US subsidiary and is banned within China, RedNote is fully Chinese-owned and operates freely within China, creating a level of commingling and data exposure that was not present with TikTok. This raises even greater concerns about privacy and national security. While banning RedNote might seem like a straightforward solution, it does not address the core issue: the lack of public awareness and education about the risks inherent in these platforms. Without understanding how their data is collected, stored, and potentially exploited, users will continue to migrate to similar platforms, perpetuating the cycle of vulnerability. This underscores the urgent need for widespread digital literacy and education.

Recent legislation aimed at protecting children from social media platforms, such as the minimum-age requirements introduced by the Australian government, is a step in the right direction. However, this approach could be endlessly repetitive: new platforms and workarounds could quickly emerge to bypass regulations. The question remains: can the government effectively manage implementation of such policies in a fast-evolving digital landscape? And if we are applying policies to protect children, what about defence force personnel using these free applications? They could inadvertently expose national-security information. A consistent, security-first approach to app usage should be considered across all demographics, especially those with access to critical data.

Governments must take the lead by implementing stricter regulations and launching public awareness campaigns. Comprehensive digital literacy programs should be as common as public-awareness campaigns on physical health or road safety, equipping Australians to recognise and mitigate digital threats. They should know where their data is stored, understand they should resist letting apps know their location, and consider potential consequences. Digital security is no longer a niche concern; it is a core component of modern citizenship.

The hidden risks we scroll past each day are not just a matter of personal privacy but of national security. As Australians, we must shift our mindset and take these threats seriously. By recognising the vulnerabilities embedded in our digital habits, we can build a more secure and resilient society. Because when it comes to national security, ignorance is no longer bliss.