Staff Reporters
Oct 14, 2019

Chinese Communist Party reported to have ‘back door’ access to 100 million users' phones

The party is allegedly able to access extensive data on more than 100 million mobile phones through its propaganda app, with Alibaba potentially behind the 'questionable' code.

President Xi Jinping leads the Communist Party of China
President Xi Jinping leads the Communist Party of China

The Communist Party of China appears to have code written into a propaganda app that allows it “superuser” access to all the data on the mobile phones on which it is downloaded.

Cure53, a German cybersecurity firm, conducted analysis of the code in the app and found that it enables the owners of the app to retrieve every message and photo from a user's phone, browse their contacts and internet history, and activate an audio recorder inside the device, according to the firm's report.

The firm was contracted to investigate the app by the Open Technology Fund, an initiative funded by the US government under Radio Free Asia.

Sarah Aoun, director of technology at the Open Technology Fund told the Washington Post that it means the Party essentially has access to the user data of over 100 million people, noting that the Chinese government is expanding its surveillance of citizens' day-to-day lives.

The app, called 'Study the Great Nation', was launched by the Communist Party in January and quickly became the most downloaded app on Apple’s app store in China, and on several Android app stores (Google and its Play Store are blocked in China). It has reportedly been downloaded on more than 100 million devices.

The app contains news articles and videos, many of them about Xi's activities or his ideology, 'Xi Jinping Thought'. Users of the app are rewarded with "study points" which can be redeemed for gifts in the app.

Cure53 said it managed to prove through its analysis of the ‘Study the Great Nation’ app one case of a clear human rights violation, according to the European Convention on Human Rights.

In its report, it said the app collects the following information on its users:

  • General information about the phone (IMEI, device model, brand, device ID, AppKey, info on whether the device is rooted)
  • Connection information (Wifi-SSID, carrier, VPN-check)
  • User-information (UIDs, cookies, session-IDs, Event-, Page- and Track-IDs, calls, call statistics, contacts)
  • Location
  • Running processes and services

“Given that the majority of citizens run this application, it essentially gives the government the capacity to determine - among other information - the location of every citizen at any single point in time,” the report read.

The app also contains code resembling a back door “which is able to run arbitrary commands on citizen phones with superuser privileges,” the report said. The firm said it was “difficult to justify" why an educational app would require this code. However, no evidence of usage could be identified during the test. The firm said further investigation is required to determine whether the code is used to perform malicious activities.

It suggested that Alibaba, the official maintainer of the app, appears to be the architect of the questionable artifacts found in the code.

The app also has all the capabilities it would need for more invasive mass data collection, Cure53 found, since many of its features requires permissions such as location, face recognition, microphone and camera access, call log and contact processing.

“The scale and potential to exploit this through hidden functionality in the obfuscated code should be the subject of further investigation,” the firm concluded.


Related Articles

Just Published

17 hours ago

Behind Marriott Bonvoy’s first APAC campaign

Marriott Bonvoy’s marketer Julie Purser on the brand’s new ‘Here’ campaign—conceptualised by TSLA— and why it’s a reminder of the unscripted moments travellers miss when on holiday.

17 hours ago

Move and win roundup: Week of August 15, 2022

Wavemaker, OMG, and Teneo help kick-off Campaign Asia-Pacific’s weekly round-up of account wins and people hires.

18 hours ago

Publicis' sustainability shop Salterbaxter arrives ...

Salterbaxter will work with companies in Australia to help them develop sustainability strategies and actions.

19 hours ago

Asia-Pacific Power List 2022: Melissa Henson, Manulife

As the pandemic spurred Filipinos to reassess critical illness, Henson strengthened Manulife’s offerings to ensure tailwinds to the business.