Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
9 résultats taggé apps  ✕
NSB Alerts the Significant Cybersecurity Risks in China-Made Mobile Applications https://www.nsb.gov.tw/en/#/%E5%85%AC%E5%91%8A%E8%B3%87%E8%A8%8A/%E6%96%B0%E8%81%9E%E7%A8%BF%E6%9A%A8%E6%96%B0%E8%81%9E%E5%8F%83%E8%80%83%E8%B3%87%E6%96%99/2025-07-02/NSB%20Alerts%20the%20Significant%20Cybersecurity%20Risks%20in%20China-Made%20Mobile%20Applications
07/07/2025 11:18:32
QRCode
archive.org

www.nsb.gov.tw
In recent years, the international community has shown growing concerns over cybersecurity issues deriving from China-developed mobile applications (apps). Governments and independent research institutions worldwide have already issued warnings concerning data breaches in users’ communication security. To prevent China from illegally acquiring personal data of Taiwan’s nationals, National Security Bureau (NSB) has reviewed cybersecurity reports from countries around the world and organized relevant information, as per the National Intelligence Work Act. Subsequently, the NSB informed and coordinated with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency to conduct random inspection on several China-developed mobile apps. The results indicate the existence of security issues, including excessive data collection and privacy infringement. The public is advised to exercise caution when choosing mobile apps.

The 5 China-developed apps selected for inspection, consisting of rednote, Weibo, TikTok, WeChat, and Baidu Cloud, are widely used by Taiwanese nationals. The MJIB and CIB adopted the Basic Information Security Testing Standard for Mobile Applications v4.0 announced by the Ministry of Digital Affairs, and evaluated the apps against 15 indicators under 5 categories of violation, consisting of personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.

All 5 apps have shown serious violations across multiple inspection indicators. Notably, the rednote fails to meet all 15 inspection standards. Weibo and TikTok violate 13 indicators, separately, as well as 10 for WeChat and 9 for Baidu Cloud. These findings suggest that the said China-made apps present cybersecurity risks far beyond the reasonable expectations for data-collection requirement taken by ordinary apps.

All 5 China-made apps are found to have security issues of excessively collecting personal data and abusing system permissions. The violations include unauthorized access to facial recognition data, screenshots, clipboard contents, contact lists, and location information. As to the category of system information extraction, all apps were found to collect data such as application lists and device parameters. Furthermore, as far as biometric data are concerned, users’ facial features may be deliberately harvested and stored by those apps.

With regard to data transmission and sharing, the said 5 apps were found to send packets back to servers located in China. This type of transmission has raised serious concerns over the potential misuse of personal data by third parties. Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are obligated to turn over user data to competent authorities concerning national security, public security, and intelligence. Such a practice would pose a significant security breach to the privacy of Taiwanese users, which could lead to data collection by specific Chinese agencies.

A wide range of countries, such as the US, Canada, the UK, and India, have already publicly issued warnings against or bans on specific China-developed apps. The European Union has also launched investigations under the General Data Protection Regulation framework into suspected data theft involving certain China-made apps. Substantial amount of fines are imposed in those cases. In response to the cybersecurity threats, the Taiwanese government has prohibited the use of Chinese-brand products regarding computer and communications technology within official institutions. Both software and hardware are included.

The NSB coordinates with the MJIB and CIB to test the 5 inspected China-developed apps, and confirms that widespread cybersecurity vulnerabilities indeed exist. The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets.

www.nsb.gov.tw EN 2025 alert China Taiwan China-developed apps risk
On These Apps, the Dark Promise of Mothers Sexually Abusing Children https://www.nytimes.com/2024/12/07/us/child-abuse-apple-google-apps.html
09/12/2024 20:49:11
QRCode
archive.org

Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.

nytimes EN 2024 investigation BigoLive abuse stream child Apps Apple Google pedophiles criminal
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
13/11/2024 10:53:50
QRCode
archive.org
thumbnail

This one is a privesc bug yielding SYSTEM privileges for any VDI user, which is actually a lot worse than it might initially sound since that’s SYSTEM privileges on the server that hosts all the applications and access is ‘by design’ - allowing an attacker to impersonate any user (including administrators) and monitor behaviour, connectivity.

watchtowr EN Citrix Virtual Apps bug VDI exploit
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
20/08/2024 09:14:14
QRCode
archive.org
thumbnail

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

talosintelligence EN 2024 vulnerabilities Microsoft apps macos Outlook
OpenAI's chatbot store is filling up with spam https://techcrunch.com/2024/03/20/openais-chatbot-store-is-filling-up-with-spam/?guccounter=1
21/03/2024 17:26:19
QRCode
archive.org
thumbnail

When OpenAI CEO Sam Altman announced GPTs, custom chatbots powered by OpenAI's generative AI models, onstage at the company's first-ever developer

techcrunch EN 2024 ai apps chatbots chatgpt gpt-store gpts openai copyright leagal spam
Threat actors use beta apps to bypass mobile app store security https://www.bleepingcomputer.com/news/security/threat-actors-use-beta-apps-to-bypass-mobile-app-store-security/
19/08/2023 17:23:08
QRCode
archive.org
thumbnail

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.

bleepingcomputer EN 2023 FBI beta mobile apps cryptocurrency
“FleeceGPT” mobile apps target AI-curious to rake in cash https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/
18/05/2023 01:37:15
QRCode
archive.org
thumbnail

Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype

sophos EN 2023 Fleeceware ChatGPT scam apps
Android SharkBot Droppers on Google Play Underline Platform's Security Needs https://www.bitdefender.com/blog/labs/android-sharkbot-droppers-on-google-play-underlines-platforms-security-needs/
22/11/2022 21:24:35
QRCode
archive.org
thumbnail

A common theme we've noticed in the last few months consists of malicious apps
distributed directly from the Google Play Store.

bitdefender EN 2022 SharkBot Android GooglePlay malicious apps
Joker, Facestealer and Coper banking malwares on Google Play store https://www.zscaler.com/blogs/security-research/joker-facestealer-and-coper-banking-malwares-google-play-store
19/07/2022 08:43:01
QRCode
archive.org
thumbnail

Joker, Facestealers and Banker swarming Google Play store

zscaler EN 2022 Android Joker FaceStealer Coper Exobot Malware GooglePlay store apps analysis
4507 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio