China’s National Computer Network Emergency Response Technical Team (CN-CERT) said in its first-half report for 2019 that apps request an average of 25 permissions when installed, which is concerning as data theft remains a widespread issue.

To combat the mishandling of personal data in apps, the Chinese government has set up a task force.

The report says:

• More than 30 percent of apps request call privileges when they are not needed, CN-CERT said.
• A large number of apps display “abnormal behaviors,” including detecting which other applications a user has on their phone or requesting permissions to read and write files.
• Last year, data thieves siphoned off personal data from food delivery platforms and sold it for as little as RMB 0.10 ($0.01). Data syndicates are becoming more difficult to trace as their organizational structures grow more complex. Some domestic groups have spread to Southeast Asia to avoid police detection.
• The infected computers in mainland China amounted to about 0.22 million, among which about 0.13 million were controlled by Trojans or Botnets and about 0.09 million by Confickers.
• CNCERT monitored 3,433 websites planted with backdoors and 498 phishing web pages targeting websites in mainland China.