Amap (高德地圖), iQIYI (愛奇藝) and two other Chinese apps requested access to sensitive information unrelated to their core functions when installed on devices, with the mapping app posing more potential security risks than the others, the Ministry of Digital Affairs said yesterday.
The ministry released the results of cybersecurity tests of four Chinese apps after reports that Amap can display countdown timers for traffic lights on some roads in Taiwan, raising concerns over potential cybersecurity risks.
Amap is a digital map developed by Beijing-based AutoNavi Software Co (高德軟件), which is part of Alibaba Group Holding Ltd (阿里巴巴), while iQIYI is a streaming service owned by Baidu Inc (百度), an Internet search firm.
The other two apps were Bilibili (嗶哩嗶哩), a Shanghai-based streaming platform, and BimoBimo (比萌比萌), a chat app that facilitates interactions with artificial intelligence-generated characters.
The ministry conducted tests of the four apps’ Android and iOS versions, Administration for Cybersecurity Director Lee Yu-wei (李昱緯) said.
The cybersecurity agency ran tests on the four apps using 15 indicators across four categories: reading data from other apps, collecting and sharing user data, accessing users’ device information and reading users’ activity, Lee said.
Of the four apps, Amap had the highest number of risk behaviors, with 11 detected on Android devices and eight on iOS devices, he said.
Amap requested permissions to access sensitive personal data, including accessing clipboard and calendar information, transmitting data externally while inactive and transferring data to servers in China, he said.
People who use Amap risk having their credit card information, personal activities and other sensitive data leaked to unrelated third parties, he said.
Amap accessed audio, video, live image and microphone permissions in the background, Lee said, adding that it was also able to access contact lists, storage space, health-related records and device IDs.
“In that case, personal privacy or commercial confidential information could be compromised, while social networks could be exploited for unauthorized marketing purposes,” Lee said. “Files and data stored on personal mobile devices, such as daily habits, could be collected and analyzed. If audio or video data are improperly obtained or leaked, they could potentially be used for fraudulent or other illegal purposes.”
The tests showed that Amap was capable of continuously tracking and recording the movements of device owners, which can help establish a digital footprint, he said.
China-based apps in general would transmit data to servers in China, he said, adding that China’s cybersecurity and national intelligence laws require app operators to provide user data to Chinese national security, public safety and intelligence agencies.
Exploitation of digital footprints for precise geolocation poses a risk to personal safety, while user data could be accessed via legal provisions or transferred across borders, with potential risks of misuse, Lee said.
Amap’s traffic light countdown timers and 3D street view functions can be cross-referenced to track specific individuals, he said.
If long-term data of individuals are compiled, they could be used by hostile regimes to facilitate espionage activities, conduct surveillance of sensitive crucial infrastructure and infiltrate national security systems, Lee said.
Bilibili, iQIYI and BimoBimo were also found to have accessed calendars, to-do lists and storage, as well as allowing other suspect operations, he said.
If people grant permission to apps to access information, their personal data and device information could be collected, profiled, reused or stored in other countries, he said.
The information could also be used by scammers to facilitate fraud operations, he added.
“Even if people do not grant apps authorizations to access their data, some apps can collect personal data in the background,” Lee said.
People should read the privacy policy of apps and ascertain the legitimacy of their permission requests before downloading them, Lee said, adding that cybersecurity protection software can boost data defenses.
Asked whether malware and other cybersecurity risks can be eliminated by deleting an app, Administration for Cybersecurity Director-General Tsai Fu-longe (蔡福隆) said that apps should be downloaded via well-established channels.
“People should restart their devices after deleting an unwanted app and regularly use cybersecurity protection software to scan for potential risks,” Tsai said.
Additional reporting by CNA