Staff Reporters
Oct 14, 2019

Chinese Communist Party reported to have ‘back door’ access to 100 million users' phones

The party is allegedly able to access extensive data on more than 100 million mobile phones through its propaganda app, with Alibaba potentially behind the 'questionable' code.

President Xi Jinping leads the Communist Party of China
President Xi Jinping leads the Communist Party of China

The Communist Party of China appears to have code written into a propaganda app that allows it “superuser” access to all the data on the mobile phones on which it is downloaded.

Cure53, a German cybersecurity firm, conducted analysis of the code in the app and found that it enables the owners of the app to retrieve every message and photo from a user's phone, browse their contacts and internet history, and activate an audio recorder inside the device, according to the firm's report.

The firm was contracted to investigate the app by the Open Technology Fund, an initiative funded by the US government under Radio Free Asia.

Sarah Aoun, director of technology at the Open Technology Fund told the Washington Post that it means the Party essentially has access to the user data of over 100 million people, noting that the Chinese government is expanding its surveillance of citizens' day-to-day lives.

The app, called 'Study the Great Nation', was launched by the Communist Party in January and quickly became the most downloaded app on Apple’s app store in China, and on several Android app stores (Google and its Play Store are blocked in China). It has reportedly been downloaded on more than 100 million devices.

The app contains news articles and videos, many of them about Xi's activities or his ideology, 'Xi Jinping Thought'. Users of the app are rewarded with "study points" which can be redeemed for gifts in the app.

Cure53 said it managed to prove through its analysis of the ‘Study the Great Nation’ app one case of a clear human rights violation, according to the European Convention on Human Rights.

In its report, it said the app collects the following information on its users:

  • General information about the phone (IMEI, device model, brand, device ID, AppKey, info on whether the device is rooted)
  • Connection information (Wifi-SSID, carrier, VPN-check)
  • User-information (UIDs, cookies, session-IDs, Event-, Page- and Track-IDs, calls, call statistics, contacts)
  • Location
  • Running processes and services

“Given that the majority of citizens run this application, it essentially gives the government the capacity to determine - among other information - the location of every citizen at any single point in time,” the report read.

The app also contains code resembling a back door “which is able to run arbitrary commands on citizen phones with superuser privileges,” the report said. The firm said it was “difficult to justify" why an educational app would require this code. However, no evidence of usage could be identified during the test. The firm said further investigation is required to determine whether the code is used to perform malicious activities.

It suggested that Alibaba, the official maintainer of the app, appears to be the architect of the questionable artifacts found in the code.

The app also has all the capabilities it would need for more invasive mass data collection, Cure53 found, since many of its features requires permissions such as location, face recognition, microphone and camera access, call log and contact processing.

“The scale and potential to exploit this through hidden functionality in the obfuscated code should be the subject of further investigation,” the firm concluded.

Tags

Related Articles

Just Published

2 hours ago

2020 – the year that marketing means business

R3 and Campaign's latest CMO Outlook shows marketers are closer to the head of the table than ever as marketing’s integration with multiple areas of business has brought its significance and potential into full scope.

2 hours ago

Does the PR industry have an ageism problem?

Yes, say veterans who accuse agencies of missing the big picture while “fetishizing youth.”

3 hours ago

Yellowtail finds joy in the details with bright new ...

Upbeat cheery effort for Aussie winery runs in stark contrast to many dreary portrayals of life in 2020.

12 hours ago

This film promoting the Line BK app is a major ...

When GreyUnitednj teams up with Thailand's Kasikorn bank we know wackiness ensues. But is throwing concentration out the window a good thing?