Sat, May 13, 2017 - Page 8

Government smartphone apps must be assessed

By Chen Li-hsiang 陳立翔

According to media reports, many of the 144 mobile apps developed by the Executive Yuan and its agencies are highly vulnerable to information security risks due to software design inadequacies.

Security tests showed that only 20 of all the government-designed apps had passed all vulnerability assessments, while 23 were found to have four to six vulnerabilities.

After the comprehensive evaluation, it was concluded that 98 of the 144 apps posed a high information-security risk.

Every time an app is downloaded, a message is displayed showing which access authorizations it requires. By installing it, a user grants the app these authorizations and as a result the user’s private information is transmitted to the software provider.

The Personal Information Protection Act (個人資料保護法) regulates the collection, processing and use of personal information by both governmental and non-governmental agencies. It also stipulates penalties for anyone who violates these regulations.

However, nearly everyone has a smartphone and when an app is installed, personal information is often transmitted through that app.

Since as many as 98 of the 144 apps designed and tested by the Executive Yuan pose a high security risk, this means that there is a 68 percent chance that a person’s personal information would be at risk if they install a government app. In other words, it is almost certain that a user’s personal information runs a high risk of being exposed.

If anyone with an ulterior motive takes advantage of these security loopholes, they would likely be able to steal personal information and invade people’s privacy, which is a worrying situation.

In response, the Executive Yuan said that the National Development Council would revise the operating principles for the Executive Yuan and its agencies’ mobile development, as well as add rules for information security testing which every government app must pass before it can be made available to the public.

However, even this protection is insufficient. Apart from the rule that future apps must pass this test before distribution, every government app that is in circulation should also have to pass the regulations.

According to my investigation, the Executive Yuan and its agencies developed 612 apps from 2011 to last year. After canceling the distribution of 257 of these apps, 355 remain in circulation. Taking into account those issued by the Presidential Office, the Legislative Yuan, the Judicial Yuan, the Examination Yuan and the Control Yuan, there are far more than 144 government-made apps.

All of these apps should also go through security testing.

In addition, any app that is developed by a private entity in cooperation with — that is, subsidized by — a government agency should also have to pass the testing.

This is the only way to guarantee that personal information is not leaked and that users’ privacy is protected.

Chen Li-hsiang is a graduate of Central Police University’s Institute of Law.

Translated by Eddy Chang
