NSB Warns of Cybersecurity Risks Linked to Popular Chinese Apps Like Rednote, Weibo, TikTok, WeChat, and Baidu Cloud

Taiwan’s National Security Bureau (NSB) has issued a stark warning about cybersecurity risks associated with several widely used China-developed mobile applications, including Rednote, Weibo, TikTok, WeChat, and Baidu Cloud.

Following an in-depth investigation conducted in collaboration with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency, the NSB has identified pervasive security vulnerabilities that pose a serious threat to the privacy of Taiwanese nationals.

Severe Privacy Violations in Widely Used Apps

The findings, based on rigorous testing aligned with the Basic Information Security Testing Standard for Mobile Applications v4.0 by the Ministry of Digital Affairs, reveal alarming patterns of data misuse and potential breaches that could compromise personal and corporate security.

The comprehensive evaluation focused on five critical violation categories personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access across 15 specific indicators.

Disturbingly, all five apps demonstrated significant non-compliance, with Rednote failing to meet every single one of the 15 standards.

Weibo and TikTok each violated 13 indicators, while WeChat and Baidu Cloud infringed on 10 and 9 standards, respectively.

Unauthorized Access Raise Red Flags

The investigation uncovered that these applications engage in excessive data collection far beyond acceptable norms for typical app functionality, including unauthorized access to sensitive information such as facial recognition data, contact lists, location details, clipboard contents, and screenshots.

Moreover, all apps were found to extract system information like device parameters and application lists, while also harvesting biometric data, raising concerns about deliberate storage and potential misuse of users’ facial features.

Further compounding the issue, the apps were discovered to transmit data packets to servers located in China, a practice that heightens the risk of personal information being accessed by third parties or state authorities.

Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are legally obligated to share user data with government bodies for national security, public security, or intelligence purposes.

This legal framework amplifies the threat to Taiwanese users, as their data could potentially be funneled to Chinese agencies, constituting a profound breach of privacy.

The NSB’s findings align with global concerns, as countries like the US, Canada, the UK, India, and the European Union have already issued warnings, bans, or launched investigations into similar China-made apps for suspected data theft, often imposing substantial fines under frameworks like the General Data Protection Regulation.

In response to these alarming revelations, the Taiwanese government has taken decisive action by prohibiting the use of Chinese-brand software and hardware in official institutions, safeguarding critical computer and communications technology from potential exploitation.

The NSB, in coordination with the MJIB and CIB, strongly urges the public to exercise caution when selecting mobile applications, advising against downloading China-developed apps that exhibit such cybersecurity vulnerabilities.

This advisory is aimed at protecting not only personal data privacy but also corporate business secrets from being compromised.

As cyber threats continue to evolve, the NSB emphasizes the importance of vigilance in mobile device security to mitigate risks posed by apps that fail to adhere to stringent privacy and security standards.

Exclusive Webinar Alert: Harnessing Intel® Processor Innovations for Advanced API Security – Register for Free