The National Security Bureau (NSB) has issued a critical advisory after uncovering significant cybersecurity and privacy infringements in several widely used Chinese-developed mobile applications.
Following a comprehensive review of international cybersecurity assessments and in response to growing global concern, the NSB coordinated with Taiwan’s Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency to conduct targeted audits on five popular Chinese apps: Rednote, Weibo, TikTok, WeChat, and Baidu Cloud.
Random Audits Find Pervasive Privacy Violations
These applications, favored by millions of Taiwanese users, were subjected to rigorous analysis based on the Basic Information Security Testing Standard for Mobile Applications v4.0, as promulgated by the Ministry of Digital Affairs.
The testing framework comprised 15 inspection indicators across five violation categories: personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.
Alarmingly, all five apps demonstrated severe breaches, with Rednote failing every inspection standard, while Weibo and TikTok each violated 13, WeChat 10, and Baidu Cloud 9 of the criteria.
The inspection revealed that each application engaged in the aggressive collection of personal data and abuse of system permissions far beyond what is reasonably required for app functionality.
Unauthorized harvesting of sensitive information including facial recognition data, clipboard contents, contact lists, screenshots, and geographical location was routine across the reviewed apps.
Moreover, all platforms extracted detailed device and application metadata, with some harvesting biometric identifiers such as facial features, raising substantial concerns about the deliberate aggregation and storage of uniquely identifying user data.
Government Urges Public Vigilance
Crucially, investigators determined that these applications routinely transmitted user data to servers located in mainland China.
Given the obligations imposed on Chinese enterprises by the Cybersecurity Law and National Intelligence Law which mandate cooperation with government authorities for national security and intelligence purposes there is an imminent risk that personal and corporate data of Taiwanese users could be subject to unauthorized access or exploitation by Chinese state agencies.
Such findings align with similar warnings and bans enacted by a growing coalition of countries, including the US, Canada, the UK, and India, as well as regulatory probes initiated by the European Union under its General Data Protection Regulation (GDPR) framework.
Some of these actions have resulted in significant fines and operational restrictions for non-compliant firms.
In the wake of these findings, the Taiwanese government has reiterated its prohibition of Chinese-branded hardware and software within all official institutions, underscoring the persistent threat these products pose to both national security and individual privacy.
The NSB’s report calls for heightened public awareness and digital hygiene practices, advising users to avoid installing Chinese-developed apps that exhibit unsatisfactory cybersecurity standards.
The Bureau warns that continued use of these platforms could expose not just personal data, but also sensitive business information, to unauthorized surveillance or exploitation.
Against the backdrop of intensifying international scrutiny and mounting evidence of systemic privacy violations, the NSB’s stance reflects a broader regional and global shift toward robust digital sovereignty and risk mitigation.
As governments worldwide grapple with the implications of cross-border data flows and state-driven cyber activity, Taiwan’s proactive response underscores the need for vigilance in safeguarding personal digital footprints in an increasingly interconnected landscape.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
 has issued a critical advisory after uncovering significant cybersecurity and privacy infringements.){kind=link}