Advertisement

WeChat mini programs for banking pose ‘significant’ risks of personal data leakage, says report

  • Personal banking mini programs on WeChat found to have major data leak risks, report says
  • Sensitive information is found unprotected and unencrypted in dozens of personal banking mini programs

Reading Time:2 minutes
Why you can trust SCMP
1
WeChat’s security guide for mini program developers says it may remove or suspend a service that is found to have potential issues with personal data leakage. Photo: AFP

Mini programs that operate within Tencent’s all-purpose WeChat super app pose “significant” risks for personal data leakage, according to an annual cybersecurity report published by a group reporting to China’s powerful internet watchdog.

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) tested 50 personal banking mini programs and found that over 60 per cent did not encrypt any user information either on the device or when it was transmitted.

In addition, more than 90 per cent of those apps were found to have no protections in place for users’ sensitive data, said the report, which was released on Thursday.

“In recent years WeChat mini programs have developed rapidly, but they also exposed prominent security risks, [in particular] the risk of users’ personal information leakage is rather severe,” the authors of the report noted.

Mini programs are lightweight apps that can be launched within the WeChat super app without needing to be downloaded and installed. After testing the 50 banking mini apps, the report found that on average each one contained eight security risks.

01:26

China seeks recognition of its WeChat-based digital health certificates for overseas travel

China seeks recognition of its WeChat-based digital health certificates for overseas travel

The report did not disclose the names of the apps, and it is not clear if they have been asked to fix the security issues or if they have been removed.

Advertisement