China steps up cellphone security as it becomes world leader in mobile payments

The China Internet Network Information Centre has warned that the country needs to be constantly vigilant in regards to cellphone security.
The China Internet Network Information Centre has warned that the country needs to be constantly vigilant in regards to cellphone security.PHOTO: EPA-EFE

BEIJING (CHINA DAILY/ASIA NEWS NETWORK) - In China, cellphones are the new target of hackers, as the country becomes a world leader in mobile payments.

The China Internet Network Information Centre has warned that the country needs to be constantly vigilant, given that the number of netizens rose 1.1 per cent from 2016 to 751 million at the end of June. Of them, 724 million, or 96.3 per cent, are mobile phone users.

At a mobile safety summit forum in Beijing this year, deputy secretary-general Zhang Jian of the Cybersecurity Association of China said the massive user base and the booming mobile internet would mean smartphones will pose major cybersecurity issues.

Most users' smartphones double up as electronic wallets, thus becoming a leading target for hackers, who will seek payment transfer details, personal data and passwords, Mr Zhang said.

China has already become a world leader in mobile payments. Transaction volumes of third-party mobile payments rose nearly fivefold last year to 58.8 trillion yuan (S$12 trillion), according to consultancy iResearch.

Deputy secretary-general Shi Xiansheng of the Internet Society of China said payment traps top cybersecurity threats-they affected 88.3 per cent of mobile internet users last year.

Next were privacy violations - almost 76 per cent - followed by nuisance calls, unsolicited promotional or marketing calls and spam messages (almost 63 per cent).

Some users of internet-banking facility could lose money directly from their bank accounts if their mobile phones are compromised. Mining of information from smartphones and misuse of it is another threat.

A joint report released in July by Chinese internet giant Tencent Holdings and the Data Centre of China Internet showed that nearly 97 per cent of Android apps had access to users' privacy. Around one-fourth of Android apps even violate users' privacy.

And almost 70 per cent third-party iOS apps have access to private information and personal features on iPhones.

Mr Shi said download-happy people need to be wary of apps, particularly image-editing apps, as some of them may invade their e-privacy.

"Of course, people should also be wary of many other types of apps that seek more permissions than required, and go on to collect more information than what they really need," Mr Shi said.

Cyberattacks usually target open operating platforms such as Android as smartphone manufacturers allow downloads and installation of third-party programs and apps.

A report published in May by the Internet Society of China and the National Computer Network Emergency Response Technical Team/Coordination Centre of China noted that more than two million malicious mobile internet programs were detected last year. And 99.9 per cent of them targeted Android devices.

Mr Zhang from the Cybersecurity Association of China said: "Normal apps would be infected with viruses. And some apps themselves are developed as malware."

Chief security officer Gong Wei of Shanghai Lantern Network Technology said that compared with insecure Wi-Fi hotspots, bigger threats came from insecure knockoff apps.

"While hackers can easily obtain personal data over public Wi-Fi hotspots, they can rarely access payment or money transfer details in the encrypted format over public Wi-Fi," Mr Gong said.

"However, hackers can easily access all those data, including personal information and payment data, via insecure apps."

On June 27, China announced an emergency response plan for cybersecurity incidents to prevent and reduce the damage inflicted by them, protect public interest and safeguard national security.

The new plan divides cybersecurity incidents into six categories. Of them, three are key: pernicious procedural incidents, cyberattacks and information security incidents.

The plan also defines four levels of security warning and response systems, according to different threat conditions from "general" to "extremely serious".

Mr Zhang said as mobile operating system vulnerabilities do exist and the critical ones would result in serious cyberattacks via remote access to the device, both the government, enterprises and individual users should prepare better for potential security risks.

There is a need for a better mechanism to manage e-virus infections as well, he said.

Agreeing, Ms Zhou Yiqing, chairman of handset maker Sunshine Group, said smartphone makers need to have a long-term plan to improve their devices to better defend users from potential risks.

Mr Shi said: "When surfing the internet via smartphones, users should be careful to not leave too much personal information on online platforms. Users should also not download apps from insecure channels and should look through the user agreement to decide whether or not to give the permissions sought.

"Otherwise, hackers will be able to access personal data easily."