The five Chinese apps are Douyin, RedNote, Weibo, WeChat, and Baidu Cloud.
TAIPEI, Taiwan—The Taiwanese National Security Bureau (NSB) is warning the public about significant cybersecurity risks posed by five Chinese mobile apps, including excessive data collection, following a cross-agency investigation.
The NSB, in collaboration with the Ministry of Justice Investigation Bureau and the Criminal Investigation Bureau, announced its findings on July 2 regarding social media apps Douyin, RedNote, and Weibo; messaging app WeChat; and computing app Baidu Cloud. Douyin is the Chinese version of TikTok, and both are owned by China-based internet company ByteDance.
“The results indicate the existence of security issues, including excessive data collection and privacy infringement. The public is advised to exercise caution when choosing mobile apps,” the NSB wrote.
The five apps were examined against 15 indicators across five categories: individual data collection, excessive use of permissions, data transmission and sharing, system information extraction, and biometric data access.
RedNote, also known as Xiaohongshu and considered the Chinese equivalent of Instagram, was found to have violated all 15 indicators. Douyin and Weibo each had 13 violations, while WeChat had 10 and Baidu Cloud had nine.
“These findings suggest that the said China-made apps present cybersecurity risks far beyond the reasonable expectations for data-collection requirements taken by ordinary apps,” NSB added.
RedNote, Weibo, and Douyin have been found to collect unauthorized personal data, including location data, contact lists, clipboard contents, screenshots, and device storage. WeChat was also found to have committed all of these violations except for accessing clipboard data.
All five apps were found to have deliberately extracted data on program lists and device parameters.
Except for WeChat, the other four apps were discovered to have collected facial recognition data.
All five apps were also found to send data packets to China-based servers.
“This type of transmission has raised serious concerns over the potential misuse of personal data by third parties,” the NSB wrote.
“Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are obligated to turn over user data to competent authorities concerning national security, public security, and intelligence. Such a practice would pose a significant security breach to the privacy of Taiwanese users, which could lead to data collection by specific Chinese agencies.”
Among the apps, RedNote was the only one found to have uploaded “non-essential personal data when idle,” according to the findings.
RedNote and Weibo were singled out for having “mandatory agreements to unreasonable privacy terms.”
The NSB urged people to avoid downloading China-made apps that pose a cybersecurity risk in order to protect their personal privacy and corporate secrets.
The Taiwanese government has banned Douyin, TikTok, and RedNote on government-issued devices and government premises.
By Frank Fang
