How TIKTOK & Other Chinese Apps Are Stealing Your Data

Chinese Apps banned over privacy and security concerns. In related news, iOS 14 revealed 50+ Data Stealing Apps including TikTok. Let’s learn how these malicious apps are/ were impacting you.

5 min read
How TIKTOK & Other Chinese Apps Are Stealing Your Data

Till like a year back, unlike humans, apps were not differentiated based on their origin. Mobile users installed any app because of its features, interface, utility and other characteristics. But since the rise of TikTok globally a lot of security concerns, associated especially with Chinese market, have come to light. The USA was the first to point this out and held it under National Security Review, and from there it spread like wildfire. Though most of Gen-Z has turned a blind eye to these allegations, this doesn’t make the issue any less threatening.

But it isn’t just TikTok, many popular apps related to ecommerce, games, social media, etc. are currently under fire. Only thing they have in common – they all originated from China. Let us start by saying that not all Chinese apps or brands are risky, but somehow data leaks are a frequent occurrence in apps hailing from the country with the biggest population.

Today, we’ll talk about all the latest bans and restrictions on Chinese Apps around the world, and how they can be a potential threat to your privacy and digital security.

Huawei Banned in United States of America

All through 2018, 2019 and 2020, Huawei has been fighting its own battle with the United States, whose President, Donald Trump, has issued the mega electronics empire as a ‘national security risk’. Though exact reasons are unclear to this date, it has something to do with the hardware (including cell phone towers) imported directly from China, which pose a strong threat of Chinese agencies spying on American citizens.

Mi Phones Accused of Collecting User Data

In May 2020, Mi phones parent brand, Xiaomi was accused of recording the data of millions of users, without their consent or knowledge. Apparently, the smartphone tracked down the user behaviour and interests and sent the report back to servers hosted by another Chinese venture – Alibaba. Recorded activities included all user patterns, files opened, tracked swipes and even collected browser history (including Chrome, DuckduckGo, Incognito mode).

Even Xiaomi browsers such as Mi Browser Pro and Mint browser (available on Google Play Store) are also harvesting similar data.

Though Xiaomi publicly denied these allegations, it indirectly accepted their fault in it’s browser’s recent update.

Xiaomi Data Leak

‘Cheetah Mobile’ Apps Removed from Google Play Store

The infamous Chinese internet company, Cheetah Mobile, has a history of launching fraud applications with dishonest ad policies. They are most well-known for acquiring user data by asking for phone permissions like storage, camera etc for even the simplest of applications like ‘Flashlight’. Another suspicious activity is in its IAP (In-App Purchases) policies whose fundamental play is to exploit the users by turning the app into a cash machine.

By March 2020, all Cheetah Mobile official and subsidiary apps were removed from Google Play Store.

Malware Rich UC Browser

UC Browser has a long history of being a malware injecting malicious application, and carrying out a lot of shady activities inside your phone device. For starters, upon initializing the popular browser asks for unnecessary permissions including accessing your text messages. Imagine how wrong that is in case of confidential OTPs and other bank-related information. UC Browser further downloads malicious files and content on your device in the background without you ever knowing.

TikTok Vulnerabilities – User Data at Risk, TikTok Accounts Hacked

TikTok has been at the forefront of the ban on Chinese applications worldwide. It’s not just the fear of unknown surveillance risks, but a lot of other cybercrimes involving TikTok user accounts hacked, violating user privacy by collecting sensitive data, and even being blasted as a hub for child traffickers. The list goes on and on, but you get the gist about the abundance of privacy and security concerns surrounding this new-age social media app.

59 Chinese Apps Banned in India

In the most recent news, India has risen to the situation by banning around 59 Chinese applications. This comes after not only prevalent security issues, but also tensions between the neighbouring nations. But as obvious, Indian authorities have dubbed this boycott as part of ‘national security’ concerns, which are not false by the way, as we can infer from the pattern above.

The official press release stated,

“The Computer Emergency Response Team (CERT-IN) has also received many representations from citizens regarding security of data and breach of privacy impacting upon public order issues”

Let’s take a quick glance at all the Chinese apps banned by the Indian government.

TikTok Shareit Kwai UC Browser
Baidu map Shein Clash of Kings DU battery saver
Helo Likee YouCam makeup Mi Community
CM Browers Virus Cleaner APUS Browser ROMWE
Club Factory Newsdog Beauty Plus WeChat
UC News QQ Mail Weibo Xender
QQ Music QQ Newsfeed Bigo Live SelfieCity
Mail Master Parallel Space Mi Video Call – Xiaomi WeSync
ES File Explorer Viva Video – QU Video Inc Meitu Vigo Video
New Video Status DU Recorder Vault- Hide Cache Cleaner DU App studio
DU Cleaner DU Browser Hago Play With New Friends Cam Scanner
Clean Master – Cheetah Mobile Wonder Camera Photo Wonder QQ Player
We Meet Sweet Selfie Baidu Translate Vmate
QQ International QQ Security Center QQ Launcher U Video
V fly Status Video Mobile Legends DU Privacy

iOS 14 Data Stealing Apps

Adding fuel to the fire, TikTok has been found as the leading culprit in iOS 14 Data Stealing News. Turns out, Tiktok, along with 50+ other reputed applications was reading the text, image, password that is being copied to the clipboard. As this is a fairly common activity that all of us are habitual of, it scares us to think about the misuses if such information falls into the wrong hands.

This ‘bug’ was discovered in the latest iOS version’s notification feature, where it highlights whenever any app reads your clipboard data. This helpful feature was introduced in light of protecting user privacy and transparency. And it indeed helped us identify this immoral defect. Check out this little demonstration to see how the technique works:

The list of iOS applications copying your clipboard data are:

ABC News Al Jazeera English CBC News CBS News
CNBC Fox News News Break New York Times
NPR ntv Nachrichten Reuters Russia Today
Stern Nachrichten The Economist The Huffington Post The Wall Street Journal
Vice News 8 Ball Pool™ AMAZE!!! Bejeweled
Block Puzzle Classic Bejeweled Classic Bejeweled HD FlipTheGun
Fruit Ninja Golfmasters Letter Soup Love Nikki
My Emma Plants vs. Zombies™ Heroes Pooking – Billiards City PUBG Mobile
Tomb of the Mask Tomb of the Mask: Color Total Party Kill Watermarbling
TikTok ToTalk Tok Truecaller
Viber Weibo Zoosk 10% Happier: Meditation
5-0 Radio Police Scanner Accuweather AliExpress Shopping App Bed Bath & Beyond
Dazn Hotel Tonight Overstock
Pigment – Adult Coloring Book Recolor Coloring Book to Color Sky Ticket The Weather Network

How to Protect Against Harmful, Malicious Apps

With such data-stealing malicious apps regularly doing the rounds in heavy quantities, it mainly comes down to the mobile users to ensure their smartphones’s safety. All of us should practise these small steps to stay safe from cyber attacks, brought on not just by ‘Chinese’ apps but also otherwise:

  1. Uninstall (and never download) any suspicious application that has been in the news for security reasons. There’s always an alternate (just as good) that will do the job
  2. Remove any application that asks too many unnecessary permissions. You can figure out the required ones simply by judging the app requirements. If you can’t uninstall the app for any reason, just block the sensitive permissions
  3. Continuing on the above point, don't blindly allow access or give permissions to any application - old or new
  4. Install a trusted Anti-virus to be double safe

What are your views on the 'Chinese' app ban? We'd love to hear from you.

Follow us on Telegram and Twitter for all such latest cybersecurity news and updates.


🎉 You've successfully subscribed to Hack Reports!