Taiwan’s National Security Bureau has flagged five popular Chinese-developed applications as significant privacy and security threats, citing extensive unauthorized data collection practices that violate user privacy standards. The NSB investigation examined RedNote, Weibo, TikTok, WeChat, and Baidu Cloud, revealing systematic breaches of user data protection across all platforms.
RedNote demonstrated the most severe violations, failing all fifteen security criteria tested by investigators. Weibo and Douyin each failed thirteen indicators, whereas WeChat failed ten and Baidu Cloud nine. These applications routinely access facial recognition data, screenshots, clipboard content, contact lists, and location information without proper user consent, exceeding normal functional requirements.
RedNote failed all fifteen security tests, while other Chinese apps violated up to thirteen privacy criteria through unauthorized data harvesting.
All five applications transmit collected user data to servers located in China, creating substantial exposure risks for Taiwanese users. Under China’s Cybersecurity Law and National Intelligence Law, Chinese companies must provide user data to state authorities when requested for security or intelligence purposes. This legal framework raises concerns about potential misuse by Chinese intelligence agencies and state-sponsored data operations. Similar to the zero-click exploits used by sophisticated spyware, these apps can access device features without user interaction.
The applications employ sophisticated data harvesting methods, extracting facial features, system information, device parameters, and installed application lists through abuse of system permissions. Four of the five apps deliberately accessed and stored users’ facial recognition data, while all demonstrated inadequate protection of user information rights. The NSB conducted inspections using 15 indicators across five categories specifically designed to evaluate communications security. The investigation represented a joint effort with the Ministry of Justice Investigation Bureau and Criminal Investigation Bureau.
The NSB has issued official advisories urging strict caution when installing or using China-developed applications. Users are recommended to prioritize mobile device security to safeguard personal and business information from unauthorized exposure. Government recommendations highlight awareness and avoidance of Chinese applications exhibiting cybersecurity risks.
Taiwan previously banned TikTok, Douyin, and RedNote from government devices and official premises in 2019 for national security reasons, though no universal ban exists for private use. The current investigation utilized the v4.0 Basic InfoSec Testing Standard and national security protocols to evaluate application safety.
These findings may influence future regulatory actions, potentially extending restrictions to additional platforms. The NSB underscores the need for ongoing monitoring and stricter app vetting processes to guarantee compliance and reduce privacy risks for Taiwanese citizens.
