Fifteen mobile apps tested for information security all failed to make the grade, the Consumer Protection Committee said on Tuesday.
Describing the results as “shocking,” committee officials said they had sampled 10 Android apps and five iOS apps for shopping, personal insurance policy management, payment of fees and purchasing tickets.
The tests were based on the government’s mobile app basic information security testing standards v2.1, which the Industrial Development Bureau published last year.
The apps were evaluated in 29 categories, such as the developers’ security practices, sensitive data, payment method, user identification, authorization, authentication and session management, the officials said.
“Those items are the bare minimum of information security,” committee official Wang Te-ming (王德明) said, adding that the results showed a weakness in the nation’s cybersecurity awareness.
Although the committee had informed the app publishers of the test results and provided free consultation via the Taiwan Electronic Testing Center, only seven apps passed the follow-up tests, he said.
The seven are the policy management apps of Cathay Life Insurance, Nan Shan Life Insurance and Mercuries Life Insurance, the online payment apps of O’Pay and Chunghwa Telecom Hami Wallet, and the consumer service apps of Far EasTone and Taiwan Mobile, he said.
The committee did not publish the names of the apps that failed to meet standards because disclosure would make their vulnerability known to hackers and increase risks to consumers, he said.
Instead, it published the names of apps that did pass its tests on the Mobile Application Security Alliance — www.mas.org.tw — and granted them an alliance-approved digital watermark that is valid for one year, he said.
The committee’s guidelines are based on the US National Institute of Standards and Technology’s specifications, which are used worldwide, Wang said.
However, the guidelines are not laws and the government has no authority to enforce them, he said.
The committee charges a fee for administering the qualification test for the watermark, but the costs — tens of thousands of New Taiwan dollars — should be affordable for big businesses, he said.
Taiwan lags behind Western nations in data security as it has just begun treating the issue seriously, he said, adding that public education is a high priority for the committee.
Consumers should only download apps certified by the committee, avoid giving out too much personal information, change their passwords regularly and stay away from dubious hyperlinks, Wang said.