Fifteen mobile apps tested for information security all failed to make the grade, the Consumer Protection Committee said on Tuesday.
Describing the results “shocking,” committee officials said they had sampled 10 Android apps and five iOS apps for shopping, personal insurance policy management, payment of fees and purchasing tickets.
The tests were based on the government’s mobile app basic information security testing standards v2.1, which the Industrial Development Bureau published last year.
Photo courtesy of the Consumer Protection Committee
The apps were evaluated in 29 categories, such as the developers’ security practices, sensitive data, payment method, user identification, authorization, authentication and session management, the officials said.
“Those items are the bare minimum of information security,” committee official Wang Te-ming (王德明) said, adding that the results showed a weakness in the nation’s cybersecurity awareness.
Although the committee had informed the app publishers of the test results and provided free consultation via the Taiwan Electronic Testing Center, only seven apps passed the follow-up tests, he said.
The seven are the policy management apps of Cathay Life Insurance, Nan Shan Life Insurance and Mercuries Life Insurance, the online payment apps of O’Pay and Chunghwa Telecom Hami Wallet, and the consumer service apps of Far EasTone and Taiwan Mobile, he said.
The committee did not publish the names of the apps that failed to meet standards because disclosure would make their vulnerability known to hackers and increase risks to consumers, he said.
Instead, it published the names of apps that did pass its tests on the Mobile Application Security Alliance — www.mas.org.tw — and granted them an alliance-approved digital watermark that is valid for one year, he said.
The committee’s guidelines are based on the US National Institute of Standards and Technology’s specifications, which are used worldwide, Wang said.
However, the guidelines are not laws and the government has no authority to enforce them, he said.
The committee charges a fee for administering the qualification test for the watermark, but the costs — tens of thousands of New Taiwan dollars — should be affordable for big businesses, he said.
Taiwan lags behind Western nations in data security as it has just begun treating the issue seriously, he said, adding that public eduction is a high priority for the committee.
Consumers should only download apps certified by the committee, avoid giving out too much personal information, change their passwords regularly and stay away from dubious hyperlinks, Wang said.
Former president Ma Ying-jeou’s (馬英九) mention of Taiwan’s official name during a meeting with Chinese President Xi Jinping (習近平) on Wednesday was likely a deliberate political play, academics said. “As I see it, it was intentional,” National Chengchi University Graduate Institute of East Asian Studies professor Wang Hsin-hsien (王信賢) said of Ma’s initial use of the “Republic of China” (ROC) to refer to the wider concept of “the Chinese nation.” Ma quickly corrected himself, and his office later described his use of the two similar-sounding yet politically distinct terms as “purely a gaffe.” Given Ma was reading from a script, the supposed slipup
Former Czech Republic-based Taiwanese researcher Cheng Yu-chin (鄭宇欽) has been sentenced to seven years in prison on espionage-related charges, China’s Ministry of State Security announced yesterday. China said Cheng was a spy for Taiwan who “masqueraded as a professor” and that he was previously an assistant to former Cabinet secretary-general Cho Jung-tai (卓榮泰). President-elect William Lai (賴清德) on Wednesday last week announced Cho would be his premier when Lai is inaugurated next month. Today is China’s “National Security Education Day.” The Chinese ministry yesterday released a video online showing arrests over the past 10 years of people alleged to be
THE HAWAII FACTOR: While a 1965 opinion said an attack on Hawaii would not trigger Article 5, the text of the treaty suggests the state is covered, the report says NATO could be drawn into a conflict in the Taiwan Strait if Chinese forces attacked the US mainland or Hawaii, a NATO Defense College report published on Monday says. The report, written by James Lee, an assistant research fellow at Academia Sinica’s Institute of European and American Studies, states that under certain conditions a Taiwan contingency could trigger Article 5 of NATO, under which an attack against any member of the alliance is considered an attack against all members, necessitating a response. Article 6 of the North Atlantic Treaty specifies that an armed attack in the territory of any member in Europe,
The bodies of two individuals were recovered and three additional bodies were discovered on the Shakadang Trail (砂卡礑) in Taroko National Park, eight days after the devastating earthquake in Hualien County, search-and-rescue personnel said. The rescuers reported that they retrieved the bodies of a man and a girl, suspected to be the father and daughter from the Yu (游) family, 500m from the entrance of the trail on Wednesday. The rescue team added that despite the discovery of the two bodies on Friday last week, they had been unable to retrieve them until Wednesday due to the heavy equipment needed to lift