Internet Security Apps Called Out for Personal Data Abuse

When you download a mobile app designed to keep you safe online, you probably don’t expect it to abuse your personal data.

But that’s exactly what many of China’s most popular mobile security apps are doing, according to a new announcement (link in Chinese) by the country’s internet regulator.

Some 36 security apps, including those developed by internet titans Tencent Holdings Ltd., Baidu Inc. and Qihoo 360 Technology Co. Ltd., are guilty of illegally obtaining data without users’ consent, collecting more information than they need to operate, and demanding excessive numbers of permissions, according to the notice, which was published Monday.

The document singled out a further 48 online lending apps for similar violations, including those developed by the personal finance arms of ride-hailing giant Didi Chuxing, Alibaba Group Holding Ltd.’s e-commerce site Taobao, Ping An Insurance Group Co. of China Ltd. and several national banks.

Data privacy is a long-running problem in China, which lacks robust laws and regulations governing the collection and use of personal information.

A flagship data protection law is in the works, but remains in the draft stage amid debate over how it would affect both businesses and individuals.

For now, Chinese authorities largely content themselves with naming and shaming — and sometimes removing (link in Chinese) — apps that violate user privacy.

The companies on the latest naughty list have 15 working days to clean up their act or face legal punishment, the regulator said, without being specific.

Contact reporter Matthew Walsh ([email protected])

Related: China Mulls Severe Penalties in New Data Protection Law