Chinese apps pose security risk: NSB
LOW RATINGS: Four of five Chinese apps reviewed by the bureau collected facial recognition data, and were also found to send data packets back to China
The National Security Bureau (NSB) yesterday urged Taiwanese to exercise caution when using Chinese social media mobile applications due to potential privacy and national security issues, following an inspection of apps such as Douyin (抖音, the Chinese version of TikTok) and Xiaohongshu (小紅書, known as RedNote in English).
The inspections by Taiwan’s top intelligence agency of five apps, which also included the Chinese social media platforms Sina Weibo (新浪微博) and WeChat (微信), as well as Baidu Cloud (百度雲), found serious contraventions of users’ communications security across several indicators, the bureau said in a statement.
The inspections, conducted jointly with the Ministry of Justice Investigation Bureau and the Criminal Investigation Bureau, covered 15 indicators in five categories: personal data collection, excess usage of permissions, data transmission and sharing, system information extraction and access to biometric data.
The review revealed that all five apps failed to meet many of the indicators, with Xiaohongshu, the Chinese equivalent of Facebook, failing every one of the 15, the NSB said.
Sina Weibo and Douyin did not meet 13 of the 15 indicators, while WeChat failed 10 and Baidu Cloud nine.
“These findings suggest that the China-made apps present cybersecurity risks far beyond the reasonable expectations for data-collection requirements taken by ordinary apps,” the bureau said in the English-language statement.
All of the apps had security issues related to excessive collection of personal data and abuse of system permissions, with contraventions including unauthorized access to screenshots, clipboard content, contact lists and location data, as well as inadequate protection of personal information rights.
All five apps collected users’ application lists and device parameters (in the system information extraction category), and four of them collected facial recognition data, which the NSB said might be deliberately harvested and stored by those apps.
The apps were also found to send packets back to servers in China, raising serious concerns over the potential misuse of personal data by third parties, it said.
Under China’s Cybersecurity Law and National Intelligence Law, Chinese companies are obligated to turn over user data to authorities when it involves national security, public security or intelligence, the NSB said.
Such a practice would significantly breach the privacy of Taiwanese users and could support data collection by Chinese agencies, it said.
People must “remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, to protect personal data privacy and corporate business secrets,” it said.
Since 2019, Taiwan has banned TikTok, Douyin and Xiaohongshu from government devices and official premises over national security concerns.
However, there is no ban on the private use of the apps.