Taiwan’s National Security Bureau has identified Chinese-developed mobile applications as significant cybersecurity threats, following thorough investigations that revealed extensive unauthorized data harvesting practices exceeding standard collection parameters.
The in-depth analysis examined five Chinese applications across multiple categories, including social media, utility, and content platforms, with investigators finding systematic abuse of system permissions and excessive personal data collection.
The NSB investigation revealed that these applications engaged in unauthorized access to screenshots, clipboard content, contact lists, and location data, as well as simultaneously gathering application lists and device parameters as part of detailed system information extraction.
Chinese applications systematically extracted screenshots, clipboard data, contacts, and location information while secretly harvesting comprehensive device parameters and system details.
Particularly concerning, four out of five tested applications collected facial recognition data, indicating deliberate biometric harvesting operations that extend far beyond legitimate app functionality.
Data transmission analysis confirmed that collected information was being sent to servers located within China, creating direct channels for potential third-party misuse. Like sophisticated skimming operations, these apps systematically gather and transmit sensitive user data without proper authorization or transparency. The transmitted data categories included system information, user contacts, and biometric data, all of which could potentially be accessed by Chinese authorities or intelligence agencies under existing PRC legislation.
Legal concerns center on China’s Cybersecurity Law and National Intelligence Law, which mandate that companies surrender user data to authorities for security and intelligence purposes.
This regulatory framework allows state access to any information gathered by Chinese-developed applications, effectively transforming private apps into potential intelligence collection tools. The NSB stressed that these practices breach Taiwanese user privacy beyond normal operational requirements, particularly since user consent is often lacking or misleadingly obtained.
Taiwan has implemented preventive measures since 2019, banning TikTok, Douyin, and RedNote from government devices and official premises over national security concerns.
Although no equivalent ban exists for private usage, authorities consistently issue public warnings urging vigilance and avoidance of China-made applications posing known security risks.
The scope of data at risk encompasses personal identifiers, business secrets, and sensitive communications, with Taiwan’s high mobile app adoption rates creating heightened vulnerability. The NSB’s comprehensive assessment covered 15 indicators across five distinct communication security categories to evaluate potential threats. The investigation was conducted in collaboration with the Ministry of Justice Investigation Bureau and Criminal Investigation Bureau to ensure comprehensive security analysis.
Ongoing investigations target additional high-risk applications for similar threat assessments, with recommendations extending to corporate and private users to prevent data leakage and proprietary information theft.
