Taiwan Identifies Security Risks in Popular Chinese Apps Following Official Investigation

TL;DR

Taiwan’s National Security Bureau (NSB) has identified significant security risks in popular Chinese apps like TikTok, WeChat, Weibo, and Baidu Cloud due to excessive data collection and unauthorized data transfers to China. The investigation, conducted with law enforcement agencies, found multiple violations, prompting officials to advise caution when using these apps.

Main Content

Taiwan Warns of Security Risks in Chinese Apps

Taiwan's National Security Bureau (NSB) has issued a warning regarding the security risks posed by popular Chinese apps such as TikTok, WeChat, Weibo, and Baidu Cloud. These apps have been found to engage in excessive data collection and unauthorized data transfers to China, following an official inspection conducted in collaboration with law enforcement agencies.

Global Concerns and Official Inspection

Amidst global concerns, the NSB coordinated with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency to inspect these apps using national security testing standards. The findings revealed multiple violations, leading officials to advise the public to exercise caution when installing and using China-developed applications.

“The results indicate the existence of security issues, including excessive data collection and privacy infringement. The public is advised to exercise caution when choosing mobile apps.” reads the NSB’s announcement.

Security Standards Violations

Taiwanese authorities discovered that the five China-made apps violate key security standards. Using the v4.0 Basic InfoSec Testing Standard, they identified major issues in personal data collection, permission abuse, and data sharing. Rednote failed all 15 indicators; Weibo and Douyin violated 13 each, WeChat 10, and Baidu Cloud 9. These apps pose cybersecurity risks beyond normal data practices.

Data Collection and Privacy Concerns

The five China-made apps were found to access facial data, screenshots, clipboard, contacts, and location information without user consent. All collect device and app data, and may store users’ facial features. They also transmit data to servers in China, raising concerns over misuse, as Chinese law requires companies to share user data with authorities. This creates major privacy and security risks for Taiwanese users.

“All 5 China-made apps are found to have security issues of excessively collecting personal data and abusing system permissions.” continues the announcement. “With regard to data transmission and sharing, the said 5 apps were found to send packets back to servers located in China. This type of transmission has raised serious concerns over the potential misuse of personal data by third parties. Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are obligated to turn over user data to competent authorities concerning national security, public security, and intelligence.

Global Actions Against Chinese Apps

Countries like the US, UK, Canada, and India have warned or banned China-made apps [1, 2, 3, 4, 5, 6]. The EU is investigating data theft under GDPR. Taiwan has banned Chinese tech products—both hardware and software—in government institutions due to cybersecurity concerns.

“The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Taiwan)

For more details, visit the full article: source

Conclusion

The findings by Taiwan’s NSB highlight the critical need for vigilance when using Chinese apps. The excessive data collection and unauthorized data transfers pose significant security risks, underscoring the importance of protecting personal data and corporate secrets. As global concerns mount, it is essential for users to be aware of the potential risks and take necessary precautions.

Additional Resources

For further insights, check:

[Cybersecurity Laws and Regulations](https://securityaffairs.com/166512/laws-and-regulations/us-doj-sued-tiktok.html)
[Privacy Concerns with Chinese Apps](https://securityaffairs.com/177349/laws-and-regulations/irelands-dpc-fined-tiktok-e530m-for-sending-eu-user-data-to-china.html)
[Global Actions Against TikTok](https://securityaffairs.com/142615/breaking-news/european-commission-banned-tiktok.html)