Large numbers of Chinese mobile apps continue to threaten users’ security by illegally using their personal information, reading files on their devices, and probing other downloaded apps, according to a report published Tuesday by one of the country’s most influential nongovernmental cybersecurity bodies.
The report, which was released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), reviews China’s online security landscape over the first half of 2019. Published amid an ongoing public outcry over the misuse of personal information, it illustrates the vast scale of the country’s data privacy problem.
Many apps harvest personal information either by forcing users to provide access to their data in order to use the app, or by nudging users toward giving access to data unrelated to the apps’ core operations, according to the report. An example of the latter strategy would be when a food delivery app asks by default for access to your photos and videos while seeking permission to use your location.
CNCERT/CC analysis of more than 1,000 of the country’s most-downloaded apps found that each one requests an average of 25 permissions and that more than 30% demand access to call logs despite that data being unrelated to their operations. On average, the apps collected an average of 20 data items relating to individuals or their devices, including chat logs, geographic locations, and audiovisual content, the report said.
Additionally, the widespread adoption of mobile internet and inclusive finance in China over the last several years has led to the emergence of online fraud techniques that use mobile clients to access individuals’ personal information and bank accounts, the report said.
The Cyberspace Administration of China (CAC) is currently rolling out a yearlong crackdown that aims to root out illegal and nonconsensual data collection. Earlier this month, a CAC-affiliated body published a draft regulation that would standardize digital data collection and require app-makers to allow access to their products as long as users provide the minimum possible amount of personal data and permissions for the apps to function.
Contact reporter Matthew Walsh (email@example.com)