Concerns Rise Over Security Protocols in Chinese Apps
Recent evaluations by Taiwan’s Ministry of Digital Affairs have highlighted potential security vulnerabilities in several Chinese applications, specifically Amap, iQIYI, Bilibili, and BimoBimo. After conducting comprehensive cybersecurity tests, officials reported that these apps request access to sensitive data not typically related to their functionalities, with Amap emerging as the most concerning.
The ministry’s scrutiny followed reports indicating that Amap, a mapping service, offered features like traffic light countdowns in Taiwan, leading to heightened awareness regarding cybersecurity. Alongside Amap, iQIYI serves as a popular streaming platform, while Bilibili caters to a similar entertainment audience and BimoBimo allows users to interact with AI-generated chat characters.
According to the Cybersecurity Administration, detailed tests were performed on the Android and iOS versions of these applications using 15 indicators focused on user data management and device permissions. Among the four, Amap was flagged for the most security risks—detecting 11 risky behaviors on Android and eight on iOS.
The app seeks access to various sensitive data, including clipboard information, calendar entries, and external data transfers, raising alarms about the potential exposure of users’ personal activities and financial information. There are concerns that Amap’s capabilities extend to managing permissions related to audio and video inputs, contact information, and health records.
The consequences of using such an app are serious, potentially compromising personal privacy and commercial secrets. Should this data be improperly accessed, the implications reach beyond individual users, potentially inviting fraud and other criminal activities. Amap’s functionalities were also noted for their ability to track user movements, which could create detailed digital profiles.
There are also concerns that data collected by these apps is likely transmitted to servers in China, as mandated by national laws on cybersecurity and intelligence. This policy raises fears about privacy violations and the risk of user information being utilized against individuals by certain state actors.
Aside from Amap, Bilibili, iQIYI, and BimoBimo were also found to engage in questionable practices, including accessing personal calendars and other sensitive information. Users who unwittingly authorize these apps could face repercussions, as their data can be repurposed or even stored abroad.
Rechargeable risks emerge even for those who think they’ve denied permissions since some applications may still track user information unnoticed. To mitigate risk, it is advised that users carefully scrutinize app privacy policies and be cautious about granting access to personal details.
To further protect themselves, users are encouraged to deploy cybersecurity software. It is recommended to download apps only from reliable sources and suggested that users restart devices after uninstalling apps to maintain security.
Key Takeaways
- Privacy Awareness: Review app permissions before downloading and understand what data is being requested.
- Data Security Measures: Use cybersecurity software to safeguard personal information and regularly scan for potential threats.
- Be Informed: Familiarize yourself with privacy policies to better comprehend how your data will be used.
- Device Maintenance: Restart devices after uninstalling apps to eliminate residual risks.
- Skepticism Toward Permissions: Acknowledge that some apps may collect data even without explicit permissions.