8 votes

China's border guards are installing malware onto the phones of travellers crossing its border

4 comments

  1. [2]
    Deimos (edited ) Link
    This seems to be a pretty large, joint investigation between a few outlets. There are other articles published by the other collaborators on the story: The New York Times - China Snares Tourists’...

    This seems to be a pretty large, joint investigation between a few outlets. There are other articles published by the other collaborators on the story:

    Motherboard has also uploaded the app's APK to GitHub here: https://github.com/motherboardgithub/bxaq

    5 votes
    1. sron Link Parent
      A milti-news-outlet effort to expose a privacy scandal, much like Cambridge Analytica. Sadly I don't think this is going to gain as much traction as that did, the solution isn't quite as "simple"...

      A milti-news-outlet effort to expose a privacy scandal, much like Cambridge Analytica. Sadly I don't think this is going to gain as much traction as that did, the solution isn't quite as "simple" as turning your back on Facebook and it's pretty much out of our hands as well.

      That said, the political climate didn't change much in the US or UK after CA were found out, so maybe there are a few more similarities than I first thought.

      1 vote
  2. sron Link
    The app is sideloaded and uses Android's permission system to access call logs, SMS, calendar entries, files and installed apps. Any Android app can do any of these things. Title edited for...

    Foreigners crossing certain Chinese borders into the Xinjiang region, where authorities are conducting a massive campaign of surveillance and oppression against the local Muslim population, are being forced to install a piece of malware on their phones that gives all of their text messages as well as other pieces of data to the authorities

    The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software.

    Motherboard has uploaded a copy of the Android app to our GitHub account.

    The app is sideloaded and uses Android's permission system to access call logs, SMS, calendar entries, files and installed apps. Any Android app can do any of these things. Title edited for factual correctness - the app is not installed by the user as the title suggests

    4 votes
  3. sron Link
    I think the fact that any Android app can do any of these things - all without root access, and sometimes without the users choice - is quite an important one here. The only reason this specific...

    I think the fact that any Android app can do any of these things - all without root access, and sometimes without the users choice - is quite an important one here. The only reason this specific example is being mentioned so much is because it's China - but there have been cases apps from the Play Store have used Android's permission system against its users.

    Is the right answer to lock down these things iOS-style or not? Android is great because it's so open, but it's also big in developing countries, many users coming online for the first time - we can't expect them all to know how to spot a shady app.

    2 votes