China Economic Review

Survey highlights China’s huge data leak problem

This article was kindly contributed by Technode. For the original, please click here.

By Masha Borak

A survey has found that 85.2 % of app users in China have experienced data leaks, according to a report by the China Consumer Association.

For the vast majority of them (86.5%), the leaks resulted in receiving harassing calls and messages from sales departments and advertisers, while three quarters complained of getting calls from fraudsters. Among the top three complaints was receiving spam (63.4%), while other unwanted consequences included receiving illegal links and even account password thefts.

According to the Association, during the first half of 2018, illegal data collection from e-commerce and social platforms became a new hot spot for complaints. After surveying more than 4,400 respondents between July and August 2018, the organization published its findings in the “App Personal Information Leak Survey Report” on August 29th.

The survey comes while data leak scandals are appearing in local media on a regular basis. This week, local media uncovered what could be the largest data leak in the last five years with personal data and booking information of 130 million hotel customers offered for sale for 1 bitcoin.

The week before, media uncovered that a third-party developer for Chinese mobile operators—China Mobile, China Telecom, and China Unicom—hijacked over 3 billion pieces of user datafrom some of the country’s biggest tech companies.

The survey respondents said that the main blame for data leaks goes to app operators (62.2%), followed by illegal third-party resellers (60.6%), and loopholes in the network service system (57.4%.). Less than 35% of them said that the reason behind the leak were trojan horse viruses, phishing websites, and other means of data theft.

The survey brought up a long-running pain point for many of China’s app users. Nearly 70% of respondents believe that mobile apps request access to private data even though their functions do not require it. This includes requiring access to location (86.8%) and contact list (62.3%), call records (47.5%) and SMS (39.3%), camera (39.3%) and microphone recording (24.6%).

However, the survey also showed that the rate of reading through user agreements and privacy policies before installing apps was quite low—only 18.1% of respondents said they do it regularly.

Awareness seems to be growing: 60% of respondents adopted some measures to protect their personal information, whether it was omitting certain information, turning off personalized location-based services, denying access to apps, installing protective software or simply giving false information. This echoes the findings of a survey by Tencent’s research arm Penguin Intelligence this month which found that the majority of internet users in China are paying more attention to data privacy.

The two key concerns for the respondents were that leaked data would be used for fraud and theft (70.5%), resold to third parties (52.4%) and used for spam calls (37.7%), while only 6.6% of respondents cared about their reputation being damaged.

Over 80% of respondents said more should be done to secure data. The Association concluded that the main reasons for lack of data security when using apps is personal security awareness and lack of supervision. The latter could be mitigated with an app check system and blacklist, the report concluded. Unfortunately, the problem is not limited to China.