I went back to China last month only to find myself acting like a redneck and completely overwhelmed by the use of smartphone in everyday life. The minute I crossed the border I noticed that everybody was clicking virtual buttons on their smartphone, which I realized it made perfect sense as everything was about a smartphone: buying everything from subway tokens to produce in local markets with e-wallets, hailing a taxi or ordering food delivery on WeChat which only functioned as a chat application two years ago, renting an umbrella or a bike by simply scanning a QR code on the product. When I was at renewing my driver’s license at the police department, the officer handed me a QR code and said, “Scan it and pay the fee on WeChat. We don’t accept cash or credit card payment here.”

Screenshot from 2017-06-23 18-01-59

This is just the tip of the iceberg of how “cashless” China–where 70 percent of internet users don’t regard cash a daily necessity any more–has become. Along with it is the growing popularity of sharing economy 共享经济, a concept that originally referred to peer-to-peer based sharing of access to goods and services. The market size of China’s sharing economy reached over 3.4 trillion yuan in 2016, with over 600 million people participating in this form of economy. It is estimated that sharing economy will account for 20 per cent of China’s GDP by 2025.

While most people warmly welcome these services, concerns over personal privacy, data security and even surveillance seems to have been neglected or conveniently accepted as a “trade-off” by many Chinese users — and they shouldn’t be for the following reasons.

First, the issue of personal privacy. A recent survey suggests that 80 per cent of China’s top 50 website and mobile applications from different categories have poor policies. WeChat, the most popular chat app in China, was rated 1 out of 5 points in the survey question “whether the policies explain how the company manage data security.” Sina Weibo, China’s biggest Twitter-like service, got 1 out of 5 in “whether the policies disclose how the company is using user’s personal data.” Not to mention some websites and apps don’t have privacy policies at all.

In the meantime, many Chinese mobile apps have intrusive privacy policies. For example, iFly Input 讯飞输入法 and Sogou Input 搜狗输入法, two of the most widely-used mobile input apps in China, ask for permission to obtain location, phonebook information and full access to users’ keylogging records whenever they are using the apps.

The second concern is over data security. As observers pointed out, the nature of sharing economy is a data-driven economy. Unlike Western countries, China’s path to a cashless society is based on mobile payment rather than credit cards. Our whole life is somehow mirrored on the Internet via our smartphone. The biggest gain for companies that push for sharing or any mobile payment-based services is not the transaction fee but multiple terabytes of data generate daily.

On the bright side, the massive amount of data could be used to improve public services and urban planning. On the dark side, however, failure to protect the data — a common weakness shared by many Chinese Internet companies — can lead to serious and at least distressing consequences. While security threats are certainly not unique to any country, users, especially active civil society groups, activists and dissidents, in authoritarian countries like China are known to face unique challenges from hackers, commercial platforms and last but not least, the government.

A 2016 report shows that as many as 500 million users had been affected by mobile viruses, 2.39 per cent of them were specifically targeted at their mobile payment apps. Some attempted to surveil on users by stealing their chat records and SMSs. Meanwhile, instances where employees of Internet companies stole and sold users’ personal data are not uncommon. Last year, a Guangzhou-based leading Chinese newspaper found that a little cash could obtain an incredible amount of personal data using just a person’s national ID number, including a full history of flights and hotel rooms checked-in information, call logs, internet cafes visited, border entries and exits, apartment rentals etc. With a modest additional fee, one could even track the person’s real-time location.

And then there is the Big Brother. Take iFly Input again as an example. To make matters more concerning, iFly Input is developed by iFlyTek, a Chinese information technology company that works closely with Chinese public security departments (Fun fact: the page detailing the application of iFlyTek’s technology in public security is missing from its English site). Ofo, one of the most popular bike-shared service providers in China, has announced a partnership with Beidou Navigation 北斗卫星定位系统, a Chinese government-backed satellite positioning system, to  real-time location of its bikes. Cybersecurity experts worry that these companies would share user data with governments, enabling an effective, omniscient surveillance state and “i-dictatorship”.

Screenshot from 2017-06-23 18-03-16

As one market watcher remarked, “It’s not really sharing. It’s owned by a tech company. It’s a leasing model… and data capturing is one of their key agendas.” Chinese authorities predict that sharing economy services will likely be consolidated into the hands of five to 10 big players in the market within the next decade. While it for sure makes our life more convenient and eco-friendly, we must also bear in mind the privacy risks and security threats we are subjecting ourselves to.