Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

Jul 05, 2025Ravie LakshmananNational Security / Privacy

Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.

The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency.

“The results indicate the existence of security issues, including excessive data collection and privacy infringement,” the NSB said. “The public is advised to exercise caution when choosing mobile apps.”

Cybersecurity

The agency said it evaluated the apps against 15 indicators spanning five broad categories: Personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.

According to the analysis, RedNote violated all 15 indicators, followed by Weibo and TikTok that were found to breach 13 indicators. WeChat and Baidu Cloud violated 10 and 9 of the 15 indicators, respectively.

These issues encompassed extensive collection of personal data, including facial recognition information, screenshots, clipboard contents, contact lists, and location information. All the apps have also been flagged for harvesting the list of installed apps and device parameters.

“With regard to data transmission and sharing, the said five apps were found to send packets back to servers located in China,” the NSB said. “This type of transmission has raised serious concerns over the potential misuse of personal data by third-parties.”

NSB also pointed out that companies operating in China are obligated to turn over user data under domestic laws for national security, public security, and intelligence purposes, and that using these apps can breach the privacy of Taiwanese users.

The development comes as countries like India have enacted bans against Chinese-made apps, citing security concerns. In November 2024, Canada ordered TikTok to dissolve its operations in the country, although its fate in the U.S. still remains in limbo, as the ban – which was supposed to take effect in January 2025 – has been extended for a third time.

Cybersecurity

Last week, one of Germany’s data protection authorities urged Apple and Google to remove Chinese artificial intelligence (AI) chatbot DeepSeek from their respective app stores due to unlawful user data transfers to China. Similar restrictions have also been imposed by other nations.

“The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets,” it added.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Similar Posts

  • AI Overviews Have Doubled (25M AIOs Analyzed)

    Lately, we’ve heard murmurings that Google’s March Core Update has led to an uptick in AI Overviews¹ ² This chimes with what we’re seeing in Ahrefs Brand Radar, our new marketing intelligence tool which lets you track your brand presence in AI search. We analyzed 25M AI overview keywords in the two-month window of our…

  • Release Day: The Drupal Recipes API

    We recently completed a new set of tutorials covering the Drupal Recipe API. My interest in Drupal recipes began while I was working on documentation for the Drupal CMS User Guide, which relies heavily on recipes to provide its features. Drupal CMS is just Drupal core plus a curated set of contributed modules, preconfigured to…

  • Drupal AI: How to Set It Up and Try It Out

    After watching the Driesnote earlier this week, I wanted to try and play around with the AI tools that were demonstrated. Mostly because I find this space fascinating, and I like to try and see what kind of goofy things I can get the robots to do. So I installed all the relevant modules on…

  • Meet the New Drupalize.Me AI Assistant

    An experimental new way to explore our Drupal tutorials – powered by AI, guided by humans. We’ve been experimenting with different ways to use AI to make Drupalize.Me even more helpful for our members, and we’re excited about this first update: a new AI-powered chatbot that can search and summarize tutorials from our library. We’re…

  • Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

    Sep 06, 2025Ravie LakshmananSoftware Security / Cryptocurrency A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. “The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot…