As Taiwanese authorities heighten concerns over data privacy, the National Security Bureau (NSB) disclosed alarming findings related to popular Chinese applications, including TikTok and WeChat. An inspection of five widely used Chinese apps revealed serious privacy violations, demonstrating excessive data collection practices that surpassed standard requirements.
Importantly, unauthorized access to sensitive data—such as facial recognition, screenshots, clipboard contents, contact lists, and location information—was identified. These findings highlight significant risks associated with the use of these applications.
Unauthorized access to sensitive data, including facial recognition and location information, reveals significant risks tied to these applications.
The investigation highlighted that four out of the five inspected apps engaged in the unauthorized harvesting and storage of biometric data, particularly facial recognition information. Excessive permissions granted to these apps allowed them to collect information without users’ explicit consent, indicating a pattern of invasive surveillance. Recent analysis shows that social engineering tactics have been employed to trick users into granting these permissions. Furthermore, all apps extracted system information, amplifying the concerns regarding the depth of personal data exposure.
Additionally, the extraction of clipboard content and screenshots further illustrated the degree of invasive tracking employed by these applications. The collection of users’ contact lists and tracking of their locations presented additional privacy concerns, with persistent reports about the inadequate protection of personal information rights.
Equally troubling was the transmission of user data packets back to servers in China. This practice poses significant risks, including the potential interception of sensitive information by third parties or Chinese state authorities. Under China’s Cybersecurity and National Intelligence Laws, companies may be compelled to share user data with governmental entities for national security purposes, raising fears that Taiwanese user data could become vulnerable to exploitation by Chinese intelligence agencies. The NSB found that such data flows constitute a serious breach of confidentiality, increasing risks for personal privacy and sensitive business information.
In response, Taiwan has already enacted measures, banning certain applications on government devices since 2019 and urging the public to exercise caution concerning Chinese apps. The NSB stresses ongoing regulations to prevent data exploitation, aligned with similar international concerns that illuminate the critical need for data sovereignty and cybersecurity in an increasingly interconnected world.
