Close

WeChat Mini program pose significant risk for personal data leakage

July 24, 2021 5:28 pm

Mini programs, which are operated by Tencent’s messaging app WeChat, pose significant risks for personal data leakage, according to an annual cybersecurity report published by the National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC).

Detail:

CNCERT/CC tested 50 mini programs and founded that more than 90 per cent of those apps did not have protective measure when the source code of program exposed key information and input sensitive information.

More than 80% of the apps did not provide a personal information collection agreement and more than 60% did not encrypt any user information either on the device or when it was transmitted.

CNCERT/CC’s cybersecurity report send to the Cyberspace Administration of China annually, the Chinese internet watchdog will investigation on firms which have violated the law after careful assessment of the report.

The report shows that by the end of 2020, the number of active apps available for download in domestic app stores reached 2.67 million, with 1.05 million and 1.62 million Android and Apple apps respectively.

The report did not disclose the names of the apps which are at risk of leaking personal data, and it is not clear if the apps have been asked to fix the security issues or if apps have been removed.

Context:

The annual CNCERT/CC report cover a wide range of cybersecurity issues, including cross-border data transfer, personal data leaks and cyberattacks.

Mini programs allow small business to create and run small apps within WeChat without requirements of download and installment.

According to WeChat’s security guide for mini program developers, small apps, which leak sensitive information should not appear in mini program files in plaintext.

In 2020, CNCERT/CC founded that 203 cases that involved selling personal information, of which 40 percent involving users in the banking, securities and insurance industries, 20 per cent related to users of e-commerce and social media platforms, and 12 per cent involving users in the education industry.