Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.
The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency.
“The results indicate the existence of security issues, including excessive data collection and privacy infringement,” the NSB said. “The public is advised to exercise caution when choosing mobile apps.”
The agency said it evaluated the apps against 15 indicators spanning five broad categories: Personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.
According to the analysis, RedNote violated all 15 indicators, followed by Weibo and TikTok that were found to breach 13 indicators. WeChat and Baidu Cloud violated 10 and 9 of the 15 indicators, respectively.
These issues encompassed extensive collection of personal data, including facial recognition information, screenshots, clipboard contents, contact lists, and location information. All the apps have also been flagged for harvesting the list of installed apps and device parameters.
“With regard to data transmission and sharing, the said five apps were found to send packets back to servers located in China,” the NSB said. “This type of transmission has raised serious concerns over the potential misuse of personal data by third-parties.”
NSB also pointed out that companies operating in China are obligated to turn over user data under domestic laws for national security, public security, and intelligence purposes, and that using these apps can breach the privacy of Taiwanese users.
The development comes as countries like India have enacted bans against Chinese-made apps, citing security concerns. In November 2024, Canada ordered TikTok to dissolve its operations in the country, although its fate in the U.S. still remains in limbo, as the ban – which was supposed to take effect in January 2025 – has been extended for a third time.
Last week, one of Germany’s data protection authorities urged Apple and Google to remove Chinese artificial intelligence (AI) chatbot DeepSeek from their respective app stores due to unlawful user data transfers to China. Similar restrictions have also been imposed by other nations.
“The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets,” it added.
