Taiwan Flags TikTok, Weibo, RedNote as Data Security Threats Due to China Links

In today’s interconnected world, mobile applications have become integral to daily life—offering convenience, entertainment, and communication at our fingertips. However, not all apps pose equal security risks. Taiwan’s National Security Bureau (NSB) has recently raised an important alert regarding certain China-developed applications, including TikTok, Weibo, RedNote (also known as Xiaohongshu), WeChat, and Baidu Cloud. Their investigation highlights significant data privacy and security concerns due to these apps' extensive data collection practices and data transmissions to servers located in China.

The NSB’s warning follows a thorough assessment conducted alongside Taiwan’s Ministry of Justice Investigation Bureau and the Criminal Investigation Bureau. The evaluation applied 15 security indicators across five key categories: personal data collection, excessive permission use, data transmission and sharing, system information extraction, and biometric data access.

What the NSB found is troubling. RedNote failed all 15 indicators, while Weibo and TikTok violated 13. WeChat and Baidu Cloud also raised red flags by breaching 10 and 9 indicators, respectively. These infractions point to intrusive behaviors such as collecting facial recognition data, screenshots, clipboard contents, contact lists, location data, device parameters, and even lists of installed applications. The apps also send data packets to servers within China — a significant cause for concern given Chinese legal requirements compelling companies to surrender user data to government authorities for national security and intelligence purposes.

Understanding these risks requires acknowledging the realities of geopolitical influence over technology. When apps transmit sensitive user data internationally—especially to a country with mandatory data-sharing laws—it creates potential channels for surveillance and exploitation. This issue transcends Taiwan and is a global concern as countries grapple with similar concerns: India has banned numerous Chinese apps, Canada has ordered TikTok to cease operations domestically, and European regulators are scrutinizing apps that unlawfully transfer user information abroad.

Despite legitimate privacy concerns, it’s important to maintain a balanced perspective. No application or platform is completely risk-free, and the digitized world naturally involves data exchange. For organizations and individuals, the question is not about achieving perfect security but about managing and mitigating risk intelligently.

The NSB’s findings reinforce the need for heightened vigilance when it comes to app security. Organizations should carefully evaluate the software they permit on company devices and networks, especially those with known affiliations to jurisdictions prone to using data access for intelligence purposes. Strong mobile device management, routine permission audits, and clear usage policies are essential defensive layers.

From a user perspective, exercising caution means scrutinizing the permissions apps request during installation and operation. For instance, why would a social media app need access to your clipboard or biometric data? If the rationale is not clear or justified by core functionality, consider alternatives. Limiting app installations from less trusted sources and regularly updating software patches also reduce exposure to vulnerabilities.

On a broader scale, governments and industry groups continue to develop frameworks and tools aimed at securing personal data while maintaining digital access. Solutions like zero-trust architecture and privacy-preserving technologies are promising but not universally implemented yet. The global challenge remains: balancing innovation and openness with security and user privacy.

Taiwan’s NSB alert is a timely reminder of this ongoing balancing act. It underscores the exponential growth in data collected by apps connected to foreign powers and raises awareness of how seemingly innocuous applications can compromise individual privacy and national security. Consumers and businesses alike must prioritize cybersecurity hygiene, approach app usage with informed caution, and advocate for clearer regulations governing data sovereignty.

In a landscape where technology and geopolitics increasingly intersect, cybersecurity is never static. The responsibility lies with all stakeholders to stay informed, implement layered protections, and adapt proactively to emerging threats. App risks linked to geopolitical ties like those flagged by Taiwan serve as valuable case studies in the broader conversation about digital privacy and security in our connected age.