The National Security Bureau of the Republic of China (Taiwan) issued a warning today (July 2) stating that mobile applications such as Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud Drive produced in mainland China pose a high information security risk. The National Security Bureau of the Republic of China advises people to be vigilant and to avoid downloading apps with information security concerns, in order to protect personal privacy and corporate secrets.
In recent years, the international community has been paying close attention to the information security issues of Chinese-made mobile applications (APPs). Governments and private research institutions worldwide have publicly raised the alarm, concerned about the serious risks to the information and communication security of Chinese APP users.
To prevent the Chinese Communist Party from illicitly obtaining personal information of our citizens, the National Security Bureau of the Republic of China, based on the National Intelligence Service Act, has reviewed various national security investigation reports and related information. It notified and collaborated with the Investigation Bureau of the Ministry of Justice and the Criminal Investigation Bureau of the National Police Agency to inspect several Chinese-produced APPs. The results showed over-collection of personal data and privacy infringement issues. The National Security Bureau of the Republic of China reminds people to carefully choose related products.
The National Security Bureau of the Republic of China stated that the Chinese-made APPs included in this inspection are Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud Drive, which are familiar to the people of Taiwan.
The Investigation Bureau of the Ministry of Justice and the Criminal Investigation Bureau of the National Police Agency utilized the “Mobile Application APP Basic Information Security Detection Criteria v4.0” published by the Central Epidemic Command Center, to conduct an analysis based on 15 evaluation criteria covering five types of irregular patterns: “Data Collection,” “Transgressing Usage Permissions,” “Data Transmission and Sharing,” “Extracting System Information,” and “Biometric Data Capture.”
Firstly, the National Security Bureau of the Republic of China stated that the overall inspection results showed that all five Chinese-made APPs examined severely violated multiple inspection criteria. In particular, Xiaohongshu violated all 15 inspection criteria. Additionally, Weibo and Douyin had 13 violations each, WeChat had 10 violations, and Baidu Cloud Drive had 9 violations. This indicates a widespread information security risk in the five Chinese-made APPs, exceeding reasonable expectations for information gathering by applications.
Furthermore, the National Security Bureau of the Republic of China indicated that all five Chinese-made APPs exhibited information security issues such as “over-collection of personal data” and “abuse of permissions,” including extensive collection of “facial information,” “screenshots,” “clipboards,” “contact lists,” and “locations,” among other irregularities. In terms of “Extracting System Information,” all five Chinese-made APPs collected user program lists, device parameters, etc., raising information security concerns. Moreover, in the aspect of “Biometric Data Capture,” users’ facial information could be deliberately collected and stored by the applications.
Moreover, regarding “Data Transmission and Sharing,” all five Chinese-made APPs were found to transmit packet data back to servers within China, potentially leading to the misuse of user data by third parties. Particularly, according to the provisions of the Cybersecurity Law and National Intelligence Law, the Chinese authorities can demand that companies provide user data and information to national security, public security, and intelligence departments. This may lead to the targeted acquisition and use of personal data of the Taiwanese people by specific units of the Chinese Communist Party.
The National Security Bureau of the Republic of China noted that many countries around the world, including the United States, Canada, the United Kingdom, and India, have issued bans or warnings against specific Chinese-made APPs. The European Union has even initiated the General Data Protection Regulation (GDPR), conducting investigations into data theft related to specific APPs associated with the Chinese government and imposing hefty fines. Faced with the information security risks posed by Chinese-made APPs, Taiwan government agencies have prohibited the use of Chinese-brand information and communication products, including various software and hardware.
The National Security Bureau of the Republic of China, in collaboration with the Investigation Bureau of the Ministry of Justice and the Criminal Investigation Bureau of the National Police Agency, conducted inspections on the five Chinese-made APPs, revealing a widespread information security risk. It advises people to increase their awareness of mobile device security and to avoid downloading Chinese-made APPs with information security concerns, in order to protect personal privacy and relevant information such as business trade secrets.

