Back

Taiwan Warns of Data Harvesting Risks from Chinese Apps

Severity: High (Score: 74.5)

Sources: Aninews.In, Focustaiwan.Tw

Published: 2026-05-28 · Updated: 2026-05-28

Keywords: taiwan, apps, moda, cybersecurity, chinese-made, risks, taipei

Summary

Taiwan's Ministry of Digital Affairs (MODA) has issued a warning about cybersecurity risks associated with four Chinese-made mobile applications: Amap, bilibili, iQIYI, and BIMOBIMO. These apps are suspected of harvesting personal data from Taiwanese users and transmitting it to Chinese authorities, raising national security concerns. Amap, which is currently the most downloaded app in Taiwan, exhibited the highest number of risky behaviors, with 11 security concerns identified on Android and eight on iOS. The review conducted by the Administration for Cyber Security (ACS) assessed the apps based on 15 cybersecurity indicators, including data access and user tracking capabilities. Officials noted that under China's Cybersecurity Law and National Intelligence Law, these apps may be compelled to share user data with the Chinese government. Users are advised to be cautious and review app permissions carefully. Key Points: • Taiwan's MODA warns of cybersecurity risks from four Chinese apps, including Amap. • Amap shows the highest number of risky behaviors, with 11 concerns on Android and eight on iOS. • Users are advised to scrutinize app permissions and adopt cybersecurity measures.

Detailed Analysis

**Impact** Taiwanese users of four Chinese-made mobile applications—Amap, bilibili, iQIYI, and BIMOBIMO—are affected, with Amap being the most widely downloaded app on Android and iOS in Taiwan. Personal data at risk includes location, contacts, audiovisual files, microphone access, and other device information. The potential exposure of this data to Chinese authorities poses national security risks and could impact both individual privacy and broader operational security within Taiwan. **Technical Details** The applications exhibit behaviors such as continuous location tracking, accessing sensitive permissions (contacts, microphone, audiovisual data), and transmitting data even when apps are inactive, particularly Amap on Android. The assessment was based on 15 cybersecurity indicators across four categories: data reading from other apps, user data collection and sharing, device information access, and user activity monitoring. No specific malware, CVEs, or infrastructure details were provided. **Recommended Response** Users should review and limit app permission requests, especially for location, microphone, and contacts. Deploy monitoring to detect unusual data transmissions from these apps, particularly when inactive. Organizations should apply mobile device management policies to restrict or block high-risk applications and educate users on cybersecurity hygiene. No patch or specific detection signatures were mentioned; continuous monitoring and permission auditing are advised.

Source articles (2)

  • MODA warns of cybersecurity risks in Chinese-made apps — Focustaiwan.Tw · 2026-05-27
    Taipei, May 27 (CNA) Taiwan's Ministry of Digital Affairs (MODA) on Wednesday said the public should be alert to cybersecurity risks posed by four Chinese-made mobile apps, including Amap, which curre…
  • Taiwan sounds alarm as Chinese apps accused of secret data harvesting — Aninews.In · 2026-05-28
    Taipei [ Taiwan ], May 28 (ANI): Taiwan 's Ministry of Digital Affairs (MODA) has raised serious concerns over cybersecurity threats posed by several Chinese-made mobile applications, warning that the…

Timeline

  • 2026-05-27 — MODA issues warning about Chinese apps: Taiwan's Ministry of Digital Affairs alerts the public to cybersecurity risks from four Chinese apps, highlighting Amap's data transmission concerns.
  • 2026-05-28 — Detailed review of apps conducted: The Administration for Cyber Security conducted a review of four Chinese apps using 15 indicators, revealing significant data handling risks.

Related entities

  • Data Breach (Attack Type)
  • China (Country)
  • Taiwan (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
  • Android (Platform)
  • IOS (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed