China’s internet population at risk as apps collect too much data: CN-CERT
Aug 15, 2019
Overcollection of personal data is rampant in apps from Chinese apps stores, with companies typically collecting more than 20 pieces of information about a user and their device, a non-profit cybersecurity center in China has warned.
Why it matters: China is cracking down on apps that over-collect personal information, as data theft remains a widespread issue, and companies fail to protect users.
- Data breaches can quickly become issues of national security and social stability, particularly when the incidents involve financial information.
- The Chinese government has set up a task force to combat the mishandling of personal data in apps.
Details: China’ s National Computer Network Emergency Response Technical Team (CN-CERT) said in its first-half report for 2019 that apps request an average of 25 permissions when installed.
- More than 30% of apps request call privileges when they are not needed, the organization said.
- A large number of apps display “abnormal behaviors,” including detecting which other applications a user has on their phone or requesting permissions to read and write files.
- CN-CERT said that China has more than 200 app stores containing nearly 5 million apps. Total downloads have exceeded one trillion.
“The illegal use of personal information has become a prominent issue, and the majority of internet users have reacted strongly to it.” —CN-CERT said in its report published this week.
Context: Data breaches have become a significant problem in China, where the illicit market for personal data is enormous.
- Not only is the information easy to come by, but it also comes cheap. Last year, data thieves siphoned off personal data from food delivery platforms and sold it for as little as RMB 0.10 ($0.01).
- Data syndicates are becoming more difficult to trace as their organizational structures grow more complex. Some domestic groups have spread to Southeast Asia to avoid police detection.