The National Security Bureau conducts inspections of Chinese apps in accordance with the law
The National Security Bureau stated that according to the National Intelligence Work Law, after researching cybersecurity investigation reports and related intelligence from various countries, it coordinated with the Ministry of Justice's Investigation Bureau, the Criminal Investigation Bureau of the National Police Agency, and other units to test commonly used Chinese apps with the indicators released in the 'Mobile Application APP Basic Information Security Testing Standards v4.0'. This includes Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud.
The National Communications Commission's 'Mobile Application APP Basic Information Security Testing Standards v4.0' tests four major categories: 'Collection of personal data', 'Exceeding usage permissions', 'Data return and sharing', and 'Capture of system information' and 'Control of biometric features'.
Xiaohongshu has 15 violations, or may steal user private keys
The young generation's popular app Xiaohongshu can be considered a blatant violation. In addition to collecting location and address book data, the cryptocurrency community is most wary of clipboard collection and screenshot collection, which also appear to be violations. Previously, Slow Mist warned that the Coin software contained malware, and similarly, there was an issue with clipboard collection, where private keys might be recorded during the copying process.
Further reading
Beware! Kaspersky: Malware infects Coin, and these 4 apps should never be installed
Other violations of Xiaohongshu include:
Storage space on the device
Excessive collection of personal information
Excessive permission requests
Forced consent to unreasonable privacy terms
Insufficient protection of personal data rights
Uploading unnecessary personal data when not in use
Redirecting personal data to third-party SDKs
Whether the packet directs to locations within China
Collecting program lists
Collecting device parameters
Collecting facial information
The behavior of collecting clipboard data also appears in WeChat and Douyin, and the collection of screenshots is present in all surveyed Chinese-made apps.
China can require companies to hand over user data to the state under the Cybersecurity Law and National Intelligence Law
Reports quoted the National Security Bureau's opinion, indicating that these 5 Chinese-made apps may deliberately collect user biometric identification data (such as facial information) for filing. In terms of data return and sharing, all five apps return packet data to servers located within China, which may lead to the misuse of users' personal data by third parties. The Chinese Communist Party can require companies to provide user data and information to national security, public security, and intelligence departments under the Cybersecurity Law and National Intelligence Law, which may result in the personal data of citizens being collected and utilized by specific Chinese entities.
This article is reprinted with permission from: (Chain News)
Original title: (Is Xiaohongshu at risk of personal data leakage? The National Security Bureau checks Chinese apps like Weibo, Douyin, WeChat, etc., and finds multiple violations)
Original author: Neo
The article 'Still using Xiaohongshu? National Security Bureau: Over 5 Chinese apps are non-compliant and may collect screenshots and leak personal data' was first published in 'Crypto City'