In PNG, where mobile phones are the primary gateway to banking, communication, and identity, this risk is amplified. For many users, a smartphone is not just a device. It is their wallet, their ID, and their connection to essential services.
This is not about a theoretical vulnerability or an obscure technical exploit. It is about the intersection of consumer software and national law, specifically the legal architecture that governs what foreign technology companies must do when their government asks for your data.
The Legal Foundation: China's National Intelligence Law
Before examining individual apps, it is worth understanding the legal framework that makes their origin country relevant.
In June 2017, China's National Intelligence Law established that all organisations and citizens must support, assist, and cooperate with national intelligence efforts. This applies to all Chinese companies, including those operating globally and used widely in PNG.
This matters for PNG because there is limited local regulatory oversight over foreign apps. Unlike larger jurisdictions, PNG does not yet have strong data protection enforcement mechanisms, nor the technical capacity to audit how data is handled once it leaves the country.
The Intelligence Law allows authorities to request access to communications infrastructure and data. When combined with China's Cybersecurity Law and Counter Espionage Law, it creates a system where companies may be compelled to provide access to user data, including data originating from PNG users.
Some legal scholars debate how broadly these laws are enforced. However, the structural reality remains. Companies may not have a meaningful ability to refuse cooperation.
For PNG users, this means your data may be subject to foreign legal systems without your knowledge or consent.
The Seven Apps
1. TikTok
TikTok is widely used across PNG, particularly among younger users and small businesses using it for marketing and income generation.
The concern is not just popularity. It is a data collection behaviour.
Research has shown that the app collects device data, clipboard content, account information, and location data frequently. Reports have also indicated that data has been accessed by engineers based in China despite claims of localised storage.
For PNG, this matters because:
- Many users access TikTok on the same devices used for mobile banking
- Digital literacy levels vary, so permissions are often accepted without review
- There is limited awareness of how data flows internationally
TikTok’s privacy policy allows the collection of biometric data such as faceprints and voiceprints. This is sensitive data that PNG has no legal framework to protect once exported.
2. CapCut
CapCut is widely used in PNG alongside TikTok for content creation, especially by SMEs and youth.
It collects:
- Facial data from videos
- Device identifiers
- Clipboard content
- Audio transcription
In PNG, where family and community videos are commonly shared, this creates risk beyond the individual user. Children and relatives appearing in videos have no awareness or consent.
The issue is not the tool itself. It is the data extraction behind it.
3. Temu
Temu has gained traction in PNG due to low prices and access to goods not easily available locally.
That convenience comes with trade-offs.
Security analysis has raised concerns about:
- Hidden data collection functions
- Extensive access to device data
- Behaviour inconsistent with a standard shopping app
For PNG users:
- Many use the same phone for banking and shopping
- Payment details and personal data may be exposed
- There is little recourse if the data is misused
Low cost does not mean low risk. It often means the business model is elsewhere.
4. Shein
Shein is popular in PNG’s urban centres, particularly among younger consumers.
However, its app behaviour has raised concerns:
- Requests permissions not required for shopping
- Communicates with external servers beyond expected retail use
In PNG, where consumer protection enforcement is limited, users rely heavily on trust. That trust is not backed by strong regulatory safeguards.
5. Bigo Live
Bigo Live has a presence in PNG’s social media landscape, particularly for live streaming and influencer activity.
Live streaming apps require:
- Camera access
- Microphone access
- Continuous data transmission
The risk increases when this data is combined with:
- Location tracking
- Behavioural profiling
For PNG users, this can expose:
- Home environments
- Movement patterns
- Personal interactions
This is high-sensitivity data.
6. Likee
Likee is used by younger audiences in PNG, including teenagers and children.
It collects:
- Location data
- Device identifiers
- Contact information
- Behavioural patterns
The concern is straightforward.
Children’s data is being collected and transmitted outside PNG, with no meaningful local protections in place.
Parents are often unaware of the extent of this data collection.
7. AliExpress
AliExpress is widely used in PNG due to limited local e-commerce options.
It collects:
- Purchase history
- Payment information
- Device data
- Location patterns
While functional, it still operates under a legal system that may allow access to this data.
In PNG, where alternatives are growing but still limited, users often prioritise availability over security.
That trade-off needs to be understood clearly.
What to Do: A Practical 10 Step Response
Deleting these apps is the first step. It is not enough.
- Uninstall or disable all listed apps
- Clear residual data from your device
- Review third-party app access in your Google account
- Change passwords, especially reused ones
- Audit app permissions carefully
- Delete your advertising ID
- Reduce Google data tracking and retention
- Use privacy-focused browsers such as Firefox or Brave
- Use DNS services like NextDNS or Cloudflare 1.1.1.1
- Share this information within your network
For PNG, awareness is the biggest gap. Most users are not making an informed decision. They are operating on convenience.
A Note on Nuance
This is not about fear or banning technology.
These apps provide real value. They support income generation, communication, and access to goods in PNG.
The issue is asymmetry.
- Data leaves PNG
- Control does not
- Legal protection does not follow
That imbalance is the risk.
You do not need to wait for regulation. PNG’s regulatory environment is still developing. Personal responsibility is the first line of defence.
Sources and Further Reading
- National Intelligence Law of the People's Republic of China (2017, amended 2018) — China Law Translate
- Lawfare — Beijing's New National Intelligence Law: From Defense to Offense (Murray Scot Tanner) — lawfaremedia.org
- Carnegie Endowment for International Peace — Managing the Risks of China's Access to U.S. Data (January 2025) — carnegieendowment.org
- Internet 2.0 — TikTok Technical Analysis Report (2022) — via Radio Free Asia
- BuzzFeed News — Leaked Audio From 80 Internal TikTok Meetings (Emily Baker-White, June 2022) — buzzfeednews.com
- GWU International Law & Policy Brief — China, ByteDance, and Data Privacy (October 2023) — studentbriefs.law.gwu.edu
- The Record (Recorded Future News) — Lawsuit: ByteDance's CapCut app secretly reaps massive amounts of user data (August 2023) — therecord.media
- Grizzly Research — We Believe PDD Is a Dying Fraudulent Company and Its Shopping App TEMU Is Cleverly Hidden Spyware (September 6, 2023) — grizzlyreports.com
- Snopes — Is Temu Shopping App a Communist China-Based Scam That Spies on Users? (June 2023) — snopes.com
- China Law Translate — What China's National Intelligence Law Says, And Why It Doesn't Matter (Jeremy Daum) — chinalawtranslate.com
- Wikipedia — National Intelligence Law of the People's Republic of China — en.wikipedia.org
- Radio Free Asia — Asia Fact Check Lab: Can TikTok Share US User Data With China's Government? — rfa.org
Last reviewed: April 2026. PNG users should monitor regional policy developments and platform changes.
Comments
Post a Comment