Taiwan’s National Security Agency (NSB) warns that China-developed applications such as Renote (aka Xiaohongshu), Weibo, Tiktok, Wechat and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.
This vigilance follows an inspection of these apps, carried out in coordination with the Judicial Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency.
“The results indicate the existence of security issues, such as excessive data collection and privacy violations,” the NSB said. “We recommend that the public be careful when choosing a mobile app.”
The agency said it evaluated the app against 15 metrics spanning five broad categories: personal data collection, excessive permission use, data transmission and sharing, system information extraction and biometric data access.
Analysis shows that the renote violated all 15 indicators, followed by Weibo and Tiktok, who found to violate 13 indicators. Wechat and Baidu Cloud violated 10 and 9 out of 15 indicators, respectively.
These issues include an extensive collection of personal data, including facial recognition information, screenshots, clipboard content, contact lists, and location information. All apps are flagged to harvest a list of installed apps and device parameters.
“We’ve found that the five apps above send packets back to servers in China when it comes to sending and sharing data,” NSB said. “This type of transmission raised serious concerns over the potential misuse of personal data by third parties.”
The NSB also pointed out that companies operating in China are obligated to take over user data under domestic laws for national security, public safety and information purposes, and that using these apps could violate the privacy of Taiwanese users.
Development develops as countries like India have enacted bans on Chinese-made apps and are being developed citing security concerns. In November 2024, Canada ordered Tiktok to dismantle its domestic activities, but the fate in the US remains in scope as the ban, which was supposed to take effect in January 2025, was extended for a third time.
Last week, one German data protection authorities urged Apple and Google to remove Chinese artificial intelligence (AI) Chatbot Deepseek from their respective app stores for illegal user data transfers to China. Similar restrictions are also imposed by other countries.
“NSB is strongly advised to remain vigilant about the security of mobile devices and to avoid downloading Chinese-made apps that pose cybersecurity risks, and to avoid protecting personal data privacy and corporate business secrets,” he added.
Source link
