Taiwan flags security risks in popular Chinese apps after official probe
Taiwan warns Chinese apps like TikTok and WeChat pose security risks due to excessive data collection and data transfers to China.
Taiwan's National Security Bureau (NSB) warns that Chinese apps like TikTok, WeChat, Weibo, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China, following an official inspection with law enforcement agencies.
Following global concerns, the NSB coordinated with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency to inspect these apps, using national security testing standards. Findings revealed multiple violations, prompting officials to advise the public to use caution when installing and using China-developed applications.
“The results indicate the existence of security issues, including excessive data collection and privacy infringement. The public is advised to exercise caution when choosing mobile apps,” reads the NSB’s announcement.
Taiwanese authorities found that the five China-made apps violate key security standards. Using the v4.0 Basic InfoSec Testing Standard, they revealed major issues in personal data collection, permission abuse, and data sharing. Rednote failed all 15 indicators; Weibo and Douyin violated 13 each, WeChat 10, and Baidu Cloud 9. These apps pose cybersecurity risks beyond normal data practices.

The five China-made apps were found to access facial data, screenshots, clipboard, contacts, and location info without user consent. All collect device and app data, and may store users’ facial features. They also transmit data to servers in China, raising concerns over misuse, as Chinese law requires companies to share user data with authorities. This creates major privacy and security risks for Taiwanese users.
“All 5 China-made apps are found to have security issues of excessively collecting personal data and abusing system permissions,” continues the announcement. “With regard to data transmission and sharing, the said 5 apps were found to send packets back to servers located in China. This type of transmission has raised serious concerns over the potential misuse of personal data by third parties. Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are obligated to turn over user data to competent authorities concerning national security, public security, and intelligence.”
Countries like the US, UK, Canada, and India have warned or banned China-made apps [1, 2, 3, 4, 5, 6]. The EU is investigating data theft under GDPR. Taiwan has banned Chinese tech products—both hardware and software—in government institutions due to cybersecurity concerns.
“The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets,” concludes the report.
Pierluigi Paganini
(SecurityAffairs – hacking, Taiwan)