The heterogeneous aggregation signcryption technology not only solves the problem of communication under different cryptosystems, but also performs aggregate signature verification on multiple messages. This paper analyzes the heterogeneous signcryption scheme proposed by Niu et al. that ensures data privacy, and points out that both single signcryption and aggregation signcryption can be forged in this scheme, and there are passive attacks in the key generation center. Firstly, we detail a specific attack process, which illustrates that the Niu scheme generates passive attacks. Secondly, we improve the Niu scheme and prove that the improved scheme has no security holes through security analysis. Finally, performance analysis and simulation show that the improved scheme has the equivalent efficiency to the original scheme.