Taipei, Taiwan – Taiwan's National Security Bureau (NSB) has issued a serious warning regarding significant data security and privacy risks associated with mobile applications developed in China. These include popular apps such as RedNote (Xiaohongshu), TikTok, Weibo, WeChat, and Baidu Cloud. This alert follows an inspection that found these apps engage in excessive data collection and transmit personal information back to servers in mainland China, which could lead to severe privacy breaches for Taiwanese users.
The NSB collaborated with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) to conduct an in-depth inspection. They evaluated the apps against 15 indicators across five main categories: personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access. The inspection results were alarming:
- RedNote violated all 15 indicators.
- Weibo and TikTok violated 13 indicators.
- WeChat violated 10 indicators.
- Baidu Cloud violated 9 indicators.
The NSB stated that these violations include the collection of vast amounts of sensitive personal data, such as facial recognition information, screenshots, clipboard content, contact lists, and location data. Furthermore, these apps were found to collect lists of installed applications and device parameters from users. Most concerningly, all the apps were observed sending data packets back to servers located in China, raising serious concerns about the potential misuse of personal data by third parties.
Chinese Laws Mandate Data Handover: A Risk to Taiwanese Users' Privacy
The NSB emphasized that under China's Cybersecurity Law and National Intelligence Law, Chinese companies are legally obligated to hand over user data to state authorities when it relates to national security, public security, or intelligence objectives. This practice constitutes a significant breach of Taiwanese users' privacy and could facilitate data collection by specific Chinese agencies.
Global Warnings and User Protection
This situation reflects a growing international concern. Several countries have taken similar actions; for example, India has implemented bans against Chinese-made apps citing security concerns, and Canada ordered TikTok to cease operations. Last week, a German data protection authority also urged Apple and Google to remove the Chinese AI chatbot DeepSeek from their app stores due to unlawful user data transfers to China.
While Taiwan has banned TikTok and other Chinese apps from government devices and official premises since 2019 for national security reasons, there is currently no ban on their private use. Therefore, the NSB has strongly advised the public to "remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets."
The NSB hopes that this warning will help the people of Taiwan become more aware of these risks and make informed decisions when choosing applications, thereby protecting their personal information from being exploited.