The spyware gathers everything from text messages to people’s contacts, and also looks for content China considers threatening.
The news: An investigation by several publications, including Motherboard, the New York Times, and the Guardian, has uncovered a systematic effort by China to spy on devices carried into Xinjiang. It’s part of a massive surveillance operation launched by China in the northwestern territory, which is home to a Chinese Muslim population known as Uighurs.
The spyware: Traders, tourists, and other people crossing the land border from central Asia into Xinjiang are being asked to hand over their phones. Border guards are then loading an app known as Fengcai onto them. This sucks up calendar entries, text messages, phone contacts, and call logs, all of which are then sent to a remote server. It also checks which other apps are on a device. The Fengcai app studied by the reporters was for Android phones, but they also saw guards collect iPhones and plug them into a handheld device.
Content snooping: Security researchers who studied the app found it was also checking phones’ content against a register of over 73,000 items included in a list embedded in the app’s code. Some of the items are things that could be used by terrorists, such as instructions for making weapons and derailing trains.
But the surveillance net is being cast very wide. The list also includes material like books about the Arabic language, audio recordings of the Quran, and even a song by a Japanese band called Unholy Grace, which may have attracted China’s ire when it came out with a track called “Taiwan: Another China.”
Big Chinese Brother: This isn’t the first time that China has force-fed apps to people. But it shows the extent to which the country is willing to go to create a massive surveillance state. (See “Who needs democracy when you have data?”) Even though the country is rolling out new kinds of surveillance tools, from DNA databases to face recognition software, its insatiable hunger for data means it’s likely to dive ever deeper into the computers that people carry in their pockets.
How to preserve your digital memories
Following recent announcements by Google and Twitter, more data deletion policies are coming.
Your digital life isn’t as permanent as you think it is
Google will delete accounts after two years of inactivity, and experts expect more data deletion policies to come
Catching bad content in the age of AI
Why haven’t tech companies improved at content moderation?
Behind the scenes of Carnegie Mellon’s heated privacy dispute
Researchers at Carnegie Mellon University wanted to create a privacy-preserving smart sensor. They were accused of violating privacy instead.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.