Apart from the regular body search at specific areas in China, foreigners face a weird problem. Chinese authorities install spyware on iPhones and Android phones belonging to visitors.
Media persons from leading publishing houses like Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR, have found that security officials install spyware in Android devices.
Universal Forensic Extraction Device Used for iPhone by Security Agencies
Once they install malware on Android phones, they can gain access to users’ calendar, phone contacts, call logs, and text messages. Moreover, authorities can also check apps visitors use and their usernames in a few apps.
For iPhone users, Chinese authorities adopt a different tactic. Since iOS devices restrict the entry of any third-party malware or spyware, Chinese agencies use equipment to download data from iPhones, reports by Vice.
A reporter from Süddeutsche Zeitung said they saw machines that seem to be searching iPhones at border areas.
The machines looked like Cellebrite’s Universal Forensic Extraction Device (UFED); such devices are known for capturing data from iPhones.
Security agencies in China conduct this surveillance, especially on foreigners who visit the Xinjiang region.
Combined investigation of Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR has revealed,
“Foreigners crossing certain Chinese borders into the Xinjiang region, where authorities are conducting a massive campaign of surveillance and oppression against the local Muslim population, are being forced to install a piece of malware on their phones that gives all of their text messages as well as other pieces of data to the authorities”.
“The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveler’s device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.”
“Once installed on an Android phone, by “side-loading” its installation and requesting certain permissions rather than downloading it from the Google Play Store, BXAQ collects all of the phone’s calendar entries, phone contacts, call logs, and text messages and uploads them to a server, according to expert analysis. The malware also scans the phone to see which apps are installed, and extracts the subject’s usernames for some installed apps.”
It is quite easy for Chinese authorities to install malware on Android phones; for iPhones, they have to rely on Universal Forensic Extraction Device.
Do you think Chinese authorities are doing the right thing at border areas?