Tuesday , July 16 2019
Home / World News / Visiting China? You may find a new app digging into your phone

Visiting China? You may find a new app digging into your phone

The app gathers personal data from phones, including text messages and contacts. It also checks whether devices are carrying pictures, videos, documents and audio files that match any of more than 73,000 items included on a list stored within the app’s code.

An internment camp in the Kunshan Industrial Park in Artux in China's Xinjiang region.

An internment camp in the Kunshan Industrial Park in Artux in China’s Xinjiang region.Credit:AP

Those items include Islamic State publications, recordings of jihadi anthems and images of executions. But they also include material without any connection to Islamic terrorism, an indication of China’s heavy-handed approach to stopping extremist violence. There are scanned pages from an Arabic dictionary, recorded recitations of Koran verses, a photo of the Dalai Lama and even a song by a Japanese band of the earsplitting heavy-metal style known as grindcore.

“The Chinese government, both in law and practice, often conflates peaceful religious activities with terrorism,” Maya Wang, a China researcher for Human Rights Watch, said. “You can see in Xinjiang, privacy is a gateway right: Once you lose your right to privacy, you’re going to be afraid of practising your religion, speaking what’s on your mind or even thinking your thoughts.”

A Uighur woman in Kashgar, Xianjing. China watches every step Muslims take in the region.

A Uighur woman in Kashgar, Xianjing. China watches every step Muslims take in the region.

The United States has condemned Beijing for the crackdown in Xinjiang, which Chinese officials defend as a non-lethal way of fighting terrorism. The region is home to many of the country’s Uighurs, a Turkic ethnic group, and the Chinese government has blamed Islamic extremism and Uighur separatism for deadly attacks on Chinese targets.

In the past few years, China has placed hundreds of thousands of Uighurs and other Muslims in reeducation camps in Xinjiang. For the region’s residents, police checkpoints and surveillance cameras equipped with facial recognition technology have imbued life with a corrosive fear of acting out of turn.

Police officers in Kashgar, Xinjiang.

Police officers in Kashgar, Xinjiang.Credit:Bloomberg

With the scanning of phones at the border, the Chinese government is applying similarly invasive monitoring techniques to people who do not even live in Xinjiang or China. Beijing has said that terrorist groups use Central Asian countries as staging grounds for attacks in China.

Three people who crossed the Xinjiang land border from Kyrgyzstan in the past year said that as part of a lengthy inspection, Chinese border officials had demanded that visitors unlock and hand over their handsets and computers. On Android devices, officers installed an app called Fengcai (pronounced “FUNG-tsai”), a name that evokes bees collecting pollen.

A copy of Fengcai was examined by journalists from The New York Times; the German newspaper Sueddeutsche Zeitung; the German broadcaster NDR; The Guardian; and Motherboard, the Vice Media technology site.

The icon for the Fengcai app found on phones belonging to visitors to China.

The icon for the Fengcai app found on phones belonging to visitors to China.Credit:Screengrab

One of the journalists undertook the border crossing in recent months. Holders of Chinese passports, including members of the majority Han ethnic group, had their phones checked as well, the journalist said.

Apple devices were not spared scrutiny. Visitors’ iPhones were unlocked and connected via a USB cable to a hand-held device, the journalist said. What the device did could not be determined.

The journalists also asked researchers at the Ruhr-University Bochum in Germany and the Open Technology Fund, an initiative funded by the U.S. government under Radio Free Asia, to analyse the code of the Android app, Fengcai. The Open Technology Fund then requested and funded an assessment of the app by Cure53, a cyber security company in Berlin.

The app’s simple design makes the inspection process easy for border officers to carry out. After Fengcai is installed on a phone, the researchers found, it gathers all stored text messages, call records, contacts and calendar entries, as well as information about the device itself. The app also checks the files on the phone against the list of more than 73,000 items.

This list contains only the size of each file and a code that serves as a unique signature. It does not include the files’ names or other information that would indicate what they are.

Loading

But at the journalists’ request, researchers at the Citizen Lab, an internet watchdog group based at the University of Toronto, obtained information about roughly 1400 of the files by comparing their signatures with ones stored by VirusTotal, a malware-scanning service owned by Google sibling company Chronicle. Additional files were identified by Vinny Troia, founder of cyber security firm NightLion Security; and York Yannikos of the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany.

Most of the files that the journalists could identify were related to Islamic terrorism: Islamic State recruitment materials in several languages, books written by jihadi figures, information about how to derail trains and build homemade weapons.

Many of the files were more benign. There were audio recordings of Koran verses recited by well-known clerics, the sort of material that many practicing Muslims might have on their phones. There were books about Arabic language and grammar, and a copy of The Syrian Jihad, a book about the country’s civil war by researcher Charles Lister.

China's monitoring means rail passengers are scanned by face recognition software and are warned over the railway station's PA system to behave or their behaviour will be recorded on their social credit file.

China’s monitoring means rail passengers are scanned by face recognition software and are warned over the railway station’s PA system to behave or their behaviour will be recorded on their social credit file.Credit:Sanghee Liu

Lister said he did not know why the Chinese authorities might consider him or his book suspicious. He speculated that it might only be because the word “jihad” was in the title.

Other files the app scans for have no link to Islam or Islamic extremism. There are writings by the Dalai Lama, whom China considers a dangerous separatist, and a photograph of him. There is a summary of The 33 Strategies of War, a book by author Robert Greene on applying strategic thinking to everyday life.

“It’s a bit of a mystery to me,” Greene said, when told that his book had been flagged.

There is also, puzzlingly, an audio file of a metal song: Cause and Effect, by Japanese band Unholy Grave. The reason for the song’s inclusion was not clear, and an email sent to an address on Unholy Grave’s website was not answered.

Loading

After Fengcai scans a phone, the app generates a report containing all contacts, text messages and call records, as well as lists of calendar entries and of other apps installed on the device. It sends this information to a server.

Two of the people who recently crossed the Xinjiang border said that before officials returned phones to their owners, they took photos of each owner’s passport next to his or her device, making sure that the app was visible on the screen.

This suggests that authorities have been told to be thorough in scanning visitors’ phones, although it was not clear how they were using the information they acquired as a result. It also could not be determined whether anyone had been detained or monitored because of information generated by the app. If Fengcai remains on a person’s phone after it is installed, it does not continue scanning the device in the background, the app’s code indicates.

Officials in Xinjiang are now gathering oceans of personal information, including DNA and data about people’s movements. It would not be surprising for the Chinese authorities to want this harvesting of data to begin at the region’s borders.

China’s Ministry of Public Security and the Xinjiang regional government did not respond to requests for comment.

Names that appear in Fengcai’s source code suggest that the app was made by a unit of FiberHome, a producer of optical cable and telecom equipment that is partly owned by the Chinese state. The unit, Nanjing FiberHome StarrySky Communication Development Company, says on its website that it offers products to help police collect and analyse data and that it has signed agreements with security authorities across China.

FiberHome and StarrySky did not respond to requests for comment.

According to StarrySky’s website, the company offers “cellphone forensic equipment”, which it says can extract, analyse and recover data from mobile phones.

On another page, StarrySky says the purpose of its “smart policing” products is “to let there be not a bad guy in the world who is hard to catch.”

The New York Times

Most Viewed in World

Loading

About admin

Check Also

Billionaire showed how deep alienation ran in American society

The similarities don’t end there. Like Trump, Perot was a media innovator. He announced his …