Staff Reporters
Oct 14, 2019

Chinese Communist Party reported to have ‘back door’ access to 100 million users' phones

The party is allegedly able to access extensive data on more than 100 million mobile phones through its propaganda app, with Alibaba potentially behind the 'questionable' code.

President Xi Jinping leads the Communist Party of China
President Xi Jinping leads the Communist Party of China

The Communist Party of China appears to have code written into a propaganda app that allows it “superuser” access to all the data on the mobile phones on which it is downloaded.

Cure53, a German cybersecurity firm, conducted analysis of the code in the app and found that it enables the owners of the app to retrieve every message and photo from a user's phone, browse their contacts and internet history, and activate an audio recorder inside the device, according to the firm's report.

The firm was contracted to investigate the app by the Open Technology Fund, an initiative funded by the US government under Radio Free Asia.

Sarah Aoun, director of technology at the Open Technology Fund told the Washington Post that it means the Party essentially has access to the user data of over 100 million people, noting that the Chinese government is expanding its surveillance of citizens' day-to-day lives.

The app, called 'Study the Great Nation', was launched by the Communist Party in January and quickly became the most downloaded app on Apple’s app store in China, and on several Android app stores (Google and its Play Store are blocked in China). It has reportedly been downloaded on more than 100 million devices.

The app contains news articles and videos, many of them about Xi's activities or his ideology, 'Xi Jinping Thought'. Users of the app are rewarded with "study points" which can be redeemed for gifts in the app.

Cure53 said it managed to prove through its analysis of the ‘Study the Great Nation’ app one case of a clear human rights violation, according to the European Convention on Human Rights.

In its report, it said the app collects the following information on its users:

  • General information about the phone (IMEI, device model, brand, device ID, AppKey, info on whether the device is rooted)
  • Connection information (Wifi-SSID, carrier, VPN-check)
  • User-information (UIDs, cookies, session-IDs, Event-, Page- and Track-IDs, calls, call statistics, contacts)
  • Location
  • Running processes and services

“Given that the majority of citizens run this application, it essentially gives the government the capacity to determine - among other information - the location of every citizen at any single point in time,” the report read.

The app also contains code resembling a back door “which is able to run arbitrary commands on citizen phones with superuser privileges,” the report said. The firm said it was “difficult to justify" why an educational app would require this code. However, no evidence of usage could be identified during the test. The firm said further investigation is required to determine whether the code is used to perform malicious activities.

It suggested that Alibaba, the official maintainer of the app, appears to be the architect of the questionable artifacts found in the code.

The app also has all the capabilities it would need for more invasive mass data collection, Cure53 found, since many of its features requires permissions such as location, face recognition, microphone and camera access, call log and contact processing.

“The scale and potential to exploit this through hidden functionality in the obfuscated code should be the subject of further investigation,” the firm concluded.

Tags

Related Articles

Just Published

30 minutes ago

Make room for sadness

Self-care isn't always about participating in group meditations. Sometimes, it's about making room for sadness and showing compassion when we experience it.

42 minutes ago

Ford taps James Brown’s ‘soul’ and ‘swagger’ to ...

For 2021, Ford has committed 70% of its 2021 passenger vehicle marketing spend to three brands; the Mustang Mach-E, the Kuga range and the Puma EcoBoost hybrid.

53 minutes ago

Yannick Bolloré interview: ‘Havas is stronger now ...

Investors understand agency sector is 'a great business to invest in', CEO says.

17 hours ago

Campaign Creation Stories: How Tourism New Zealand ...

Campaign debuts a new series in which brand and agency leaders talk about how they collaborated to bring a great piece of work to life. In the premiere, Tourism NZ and Special Group discuss the somewhat insane idea of creating a daily brand video for a full year.