Taiwan intelligence agency warns of RedNote, Douyin data breaches

Taipei, July 2 (CNA) The National Security Bureau (NSB) has urged Taiwanese to be careful when using Chinese mobile applications due to potential security breaches following a recent inspection of five of those apps, including RedNote and Douyin, TikTok's sister app in China, by the NSB.

The inspections by Taiwan's top intelligence agency of five Chinese social media platforms, which also included Weibo, WeChat, and Baidu Cloud, found serious violations of users' communication security across several indicators, the NSB said in a statement Wednesday.

The inspections conducted jointly with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) checked 15 indicators in five categories: personal data collection, excess of usage permission, data transmission and sharing, system information extraction, and access to biometric data.

All five apps showed violations across many of the indicators, with Rednote, the Chinese equivalent of Facebook, failing to meet all 15 of them, the NSB said.

Weibo and Douyin violated 13 of the 15 indicators, while WeChat violated 10 and Baidu Cloud nine.

"These findings suggest that the China-made apps present cybersecurity risks far beyond the reasonable expectations for data-collection requirements taken by ordinary apps," NSB said in its English-language statement.

All five China-made apps had security issues related to excessive collection of personal data and abuse of system permissions, with violations including unauthorized access to screenshots, clipboard content, contact lists, and location data, as well as inadequate protection of personal information rights.

All five apps collected application lists and device parameters of users (in the system information extraction category), and four of the five collected facial recognition data, which the NSB said may be deliberately harvested and stored by those apps.

The five apps were also found to send packets back to servers located in China, raising serious concerns over the potential misuse of personal data by third parties, it said.

Under China's Cybersecurity Law and National Intelligence Law, Chinese companies are obligated to turn over user data to authorities when it involves national security, public security, and intelligence, according to the NSB.

Such a practice would significantly breach the privacy of Taiwanese users and could support data collection by specific Chinese agencies, it said.

Citing the latest findings, the NSB urged the public to "remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, to protect personal data privacy and corporate business secrets."

Since 2019, Taiwan has banned TikTok, Douyin -- the Chinese-language version --and RedNote from government devices and official premises over national security concerns.

There is no ban on the private use of these Chinese apps in Taiwan, however.