Study Reveals eSIM Data Sent to China Raises Security Concerns: Understanding How to Choose Safe Overseas Internet
A research team from Northeastern University testing 25 travel eSIM providers found that many devices were assigned IP addresses belonging to China Mobile, raising security concerns. cacaFly Chairman Chiu Chi-hung warned that user location and traffic metadata could be captured by Chinese systems, and advises travelers to use local native eSIMs or home carrier roaming services for better security.
📋 Article Processing Timeline
- 📰 Published: May 11, 2026 at 17:46
- 🔍 Collected: May 11, 2026 at 18:02 (15 min after Published)
- 🤖 AI Analyzed: May 11, 2026 at 19:12 (1h 10m after Collected)
cacaFly Holy Ocean Technology Chairman Chiu Chih-hung posted on Facebook, mentioning a paper published by a Northeastern University research team last August at the 34th annual conference of the non-profit international academic organization USENIX, titled "eSIMplicity or eSIMplification?".
Before purchasing an eSIM, consumers should first confirm the data provider to avoid unknown low-cost cards. If still preferring the convenience and price advantages of eSIMs, consider using "native eSIMs" which directly utilize the network resources of the local telecom operator at the destination. However, when using native eSIMs, it is important to note that if the installation steps require "turning on roaming," it might not be a true "native card."
Central News Agency (CNA website) eSIM services have gradually become the preferred choice for people traveling abroad in recent years due to advantages such as immediate purchase and use, and no need to replace physical cards. However, a research report points out that the solutions of mainstream travel eSIM operators assign IP addresses to devices that originate from Chinese telecom operators, raising public concerns about cybersecurity.
cacaFly Holy Ocean Technology Chairman Chiu Chih-hung posted on Facebook, mentioning a paper published by a Northeastern University research team last August at the 34th annual conference of the non-profit international academic organization USENIX, titled "eSIMplicity or eSIMplification?".
The research team tested 25 mainstream travel eSIM operators' solutions and found that the public network IP addresses assigned to devices did not match the user's actual location. For example, when using Holafly's eSIM for internet access, headquartered in Dublin, Ireland, the assigned IP range belonged to the Chinese telecom operator "China Mobile."
Chiu Chih-hung pointed out that China's "Cybersecurity Law" and "National Intelligence Law" stipulate that telecom operators operating within China must cooperate with national intelligence work. "Although China Mobile International is registered in Hong Kong, you and I both know the legal status of Hong Kong."
Some people may think that cybersecurity issues sound too distant. Chiu Chih-hung further explained that when people use eSIMs abroad, they might find that most cannot use AI tools like ChatGPT or Gemini because the network routes through Hong Kong, causing the system to mistakenly identify the user as a Hong Kong user.
Although some operators teach users to switch the APN to other regions to use AI tools, Chiu Chih-hung stated that changing the APN changes the "network exit," not the "network identity." From the moment the user turns on the device, location tracking, traffic behavior, and other information are already fully presented in China Mobile's system. The APN only affects the "final exit point"; all communication metadata continues to pass through China Mobile's core network.
Before purchasing an eSIM, consumers should first confirm the data provider to avoid unknown low-cost cards. If still preferring the convenience and price advantages of eSIMs, consider using "native eSIMs" which directly utilize the network resources of the local telecom operator at the destination. However, when using native eSIMs, it is important to note that if the installation steps require "turning on roaming," it might not be a true "native card."
The Ministry of Digital Development's Administration of Cybersecurity once pointed out that when using "original number roaming" services from Taiwanese telecom operators (such as Chunghwa Telecom, Far EasTone, Taiwan Mobile), communication content will be transmitted in an encrypted manner. Although data roaming may be more expensive in the short term, it is also safer than using local SIM cards or eSIMs. (Editor: Hei Li-an) 1150511
Choose to stand with facts. Your every sponsorship is the power to protect press freedom.
Download the "First-hand News" APP from Central News Agency to stay updated with the latest news.
All text, images, and videos on this website may not be reproduced, publicly broadcast, publicly transmitted, or utilized without authorization.
Before purchasing an eSIM, consumers should first confirm the data provider to avoid unknown low-cost cards. If still preferring the convenience and price advantages of eSIMs, consider using "native eSIMs" which directly utilize the network resources of the local telecom operator at the destination. However, when using native eSIMs, it is important to note that if the installation steps require "turning on roaming," it might not be a true "native card."
Central News Agency (CNA website) eSIM services have gradually become the preferred choice for people traveling abroad in recent years due to advantages such as immediate purchase and use, and no need to replace physical cards. However, a research report points out that the solutions of mainstream travel eSIM operators assign IP addresses to devices that originate from Chinese telecom operators, raising public concerns about cybersecurity.
cacaFly Holy Ocean Technology Chairman Chiu Chih-hung posted on Facebook, mentioning a paper published by a Northeastern University research team last August at the 34th annual conference of the non-profit international academic organization USENIX, titled "eSIMplicity or eSIMplification?".
The research team tested 25 mainstream travel eSIM operators' solutions and found that the public network IP addresses assigned to devices did not match the user's actual location. For example, when using Holafly's eSIM for internet access, headquartered in Dublin, Ireland, the assigned IP range belonged to the Chinese telecom operator "China Mobile."
Chiu Chih-hung pointed out that China's "Cybersecurity Law" and "National Intelligence Law" stipulate that telecom operators operating within China must cooperate with national intelligence work. "Although China Mobile International is registered in Hong Kong, you and I both know the legal status of Hong Kong."
Some people may think that cybersecurity issues sound too distant. Chiu Chih-hung further explained that when people use eSIMs abroad, they might find that most cannot use AI tools like ChatGPT or Gemini because the network routes through Hong Kong, causing the system to mistakenly identify the user as a Hong Kong user.
Although some operators teach users to switch the APN to other regions to use AI tools, Chiu Chih-hung stated that changing the APN changes the "network exit," not the "network identity." From the moment the user turns on the device, location tracking, traffic behavior, and other information are already fully presented in China Mobile's system. The APN only affects the "final exit point"; all communication metadata continues to pass through China Mobile's core network.
Before purchasing an eSIM, consumers should first confirm the data provider to avoid unknown low-cost cards. If still preferring the convenience and price advantages of eSIMs, consider using "native eSIMs" which directly utilize the network resources of the local telecom operator at the destination. However, when using native eSIMs, it is important to note that if the installation steps require "turning on roaming," it might not be a true "native card."
The Ministry of Digital Development's Administration of Cybersecurity once pointed out that when using "original number roaming" services from Taiwanese telecom operators (such as Chunghwa Telecom, Far EasTone, Taiwan Mobile), communication content will be transmitted in an encrypted manner. Although data roaming may be more expensive in the short term, it is also safer than using local SIM cards or eSIMs. (Editor: Hei Li-an) 1150511
Choose to stand with facts. Your every sponsorship is the power to protect press freedom.
Download the "First-hand News" APP from Central News Agency to stay updated with the latest news.
All text, images, and videos on this website may not be reproduced, publicly broadcast, publicly transmitted, or utilized without authorization.