Advertisement
Advertisement
Smartphones
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Photo: SCMP Pictures

Hong Kong smartphone users’ information at risk with major payment apps, agency claims

WeChat, Taobao, Taobao World, Tmall and Alipay ‘misuse’ data, according to FactWire report

Smartphones

Mobile phone users’ personal data and information is vulnerable to “misuse” and could be used for monitoring purposes by five of China’s most popular mobile payment services, a news agency has reported.

Tencent’s WeChat messaging app, the Alibaba Group’s Taobao, Taobao World, Tmall and affiliate Alipay, which is run by Ant Financial, are all able to gain access to smartphones and collect sensitive information that could be transferred to the mainland, a FactWire investigation claimed yesterday.

The agency used programme analysis to examine how sensitive data was accessed by the apps, and tracked the information flow.

It showed the apps could immediately, upon installation, obtain sensitive data that could track and identify a user, such as a smartphone’s unique code and a SIM card’s identification number.

The data was then recorded into files that were available for transfer to mainland servers, FactWire said.

Acquiring this information would allow one to access the location of a device and track activities, such as software downloads or service visits, the agency added.

FactWire said it also tested Android Pay, Google Wallet and Octopus, and did not find the same results.

A women talks on her mobile phone in mainland China. Photo: Simon Song

A Tencent spokeswoman told FactWire: “We take user data privacy and protection seriously in product development and daily operations.”

“WeChat will always adhere to Tencent’s core mission to create value for our users by providing high standards of user experience and information security,” the spokeswoman said.

I don’t use these mainland apps... because we know these companies cooperate with the authorities openly and it is likely that they will give government information
IT sector lawmaker Charles Mok

Alibaba told the agency it complied with the law in collecting, storing and using information. It added that the collection of telephone numbers and SIM card information was needed to verify a user’s identity and monetary transactions to combat fraud. Alibaba is the owner of the South China Morning Post.

Ant Financial also cited security and enhanced safeguarding of users’ accounts in collecting the data.

According to the office of the Privacy Commissioner for Personal Data (PCPD), there is no law or regulation preventing the transfer of personal information outside Hong Kong.

The PCPD declined to comment on whether the mainland apps had broken any rules. However, a spokeswoman urged the public to read the privacy policies of their apps and learn what data would be accessible to the companies before downloading.

IT sector lawmaker Charles Mok said section 33 of the Personal Data (Privacy) Ordinance, which would prohibit personal data being transferred out of Hong Kong, was never enacted. He said private sector opposition prevented the legislation.

“I don’t use these mainland apps... because we know these companies cooperate with the authorities openly and it is likely that they will give government information,” the lawmaker added

Post