Growing Concerns Over Security Risks of Chinese AI Apps in Taiwan
Taipei is on high alert following recent warnings from Taiwan’s National Security Bureau (NSB) regarding the use of Chinese generative artificial intelligence (AI) language models. With the rise of these technologies, the NSB has compiled its findings from inspections of five specific AI applications, unearthing alarming issues related to personal data security and the potential for spreading disinformation.
The Apps Under Scrutiny
The five Chinese generative AI applications inspected by the NSB include Deepseek, Doubao, Yiyan, Tongyi, and Yuanbao. These apps have been scrutinized for their adherence to stringent security and ethical standards, particularly concerning how they manage user data and the content they generate. The collaboration between the NSB, the Ministry of Justice Investigation Bureau (MJIB), and the Criminal Investigation Bureau (CIB) was pivotal in conducting a detailed analysis of these applications.
Rigorous Inspection Criteria
The NSB’s investigation employed a multifaceted approach, examining 15 security indicators categorized into five critical areas:
- Personal Data Collection: How much and what types of data each app collects from users.
- Excessive Permission Usage: Whether the apps request unnecessary permissions that compromise user privacy.
- Data Transmission Sharing: The means by which user data is potentially shared or transmitted.
- System Information Extraction: The extent to which these apps access device information.
- Biometric Data Access: Safeguards around sensitive biometric data such as fingerprints.
The findings showed that all five applications raised significant concerns across various indicators. Tongyi notably failed to meet 11 of the 15 security metrics, while Doubao and Yuanbao faltered on 10 indicators. Yiyan and Deepseek followed, violating 9 and 8 indicators, respectively.
Warnings About User Privacy
Critically, each app was found to request user access to location data and screens, often compelling users to accept unreasonable privacy terms. The extent of data harvesting extended to device parameters, raising serious concerns over the protection of personal data. In today’s digital landscape, such invasions of user privacy can lead to significant security vulnerabilities.
Disinformation and Political Bias in Content Generation
In addition to privacy concerns, the NSB’s inspections raised red flags about the content generated by these AI models. Each application displayed signs of political bias and the dissemination of disinformation. When prompted about sensitive topics, particularly those involving cross-strait relations between Taiwan and China, the apps systematically adopted the Chinese government’s official narratives.
For example, content generated by these apps frequently claimed that "Taiwan is currently governed by the Chinese central government" and reiterated the statement that "Taiwan is not a country" while emphasizing Taiwan’s status as "a province of China." Such politically charged outputs align with the Chinese government’s stance, further underscoring the potential for these models to manipulate public perception.
Underlying Control by the Chinese Government
The NSB noted that these AI models exhibit censorship and control mechanisms imposed by the Chinese government. Words related to democracy, freedom, and human rights are conspicuously absent from the models’ vocabulary, demonstrating a deliberate effort to align with state-controlled narratives. This raises concerns not only for individual users but also for organizations that may unwittingly utilize biased information in their operations.
Public Advisory and Future Implications
In light of these findings, the NSB has strongly advised the Taiwanese public to remain vigilant and avoid downloading Chinese-made applications that pose cybersecurity risks. The agency emphasized the importance of protecting personal data and safeguarding corporate business secrets in a landscape where breaches could have far-reaching consequences.
Taiwan’s government already took steps in February 2025 by banning Deepseek from government devices, acknowledging the app’s national security risks. However, the remaining four applications currently lack public sector bans and are still open for private use.
Navigating the Digital Landscape Safely
As technological advancements usher in new possibilities, the risks associated with generative AI models warrant serious consideration. Ensuring data security and navigating the complexities of AI content generation demand a conscious effort from both individuals and organizations. Awareness is the first step in safeguarding personal and national interests in an increasingly interconnected digital environment.
