The UK Guardian reported on Tuesday that border police in the Chinese province of Xinjiang, home of the oppressed Uighur Muslims, are installing secret surveillance apps on the smartphones of travelers who enter the region and raiding those phones for personal information.
The Guardian worked with other international media organizations to explore the treatment given to visitors from Kyrgyzstan when they cross the border into Xinjiang:
Border guards are taking their phones and secretly installing an app that extracts emails, texts and contacts, as well as information about the handset itself.
Tourists say they have not been warned by authorities in advance or told about what the software is looking for, or that their information is being taken.
The investigation, with partners including Süddeutsche Zeitung and the New York Times, has found that people using the remote Irkeshtam border crossing into the country are routinely having their phones screened by guards.
The Chinese government targets Kyrgyzstan for extra scrutiny because Uighur Muslims often attempt to flee there. The Chinese claim Uighur terrorists maintain training camps in the mountainous region of Kyrgyzstan near the border.
The spyware installed by Chinese agents reportedly ransacks cell phones for personal information and scans for any content deemed “problematic” by the Chinese Communist Party – a very long list of forbidden subjects that could get the unsuspecting traveler flagged for even more intensive surveillance, arrested, or sentenced to the infamous detention camps of Xinjiang:
Analysis by the Guardian, academics and cybersecurity experts suggests the app, designed by a Chinese company,searches Android phones against a huge list of content that the authorities view as problematic.
This includes a variety of terms associated with Islamist extremism, including Inspire, the English-language magazine produced by al-Qaida in the Arabian Peninsula, and various weapons operation manuals.
However, the surveillance app also searches for information on a range of other material – from fasting during Ramadan to literature by the Dalai Lama, and music by a Japanese metal band called Unholy Grave.
Another file on the list is a self-help manual by the American writer Robert Greene called The 33 Strategies of War.
The 33 Strategies of War is a book that essentially applies the lessons taught in Chinese philosopher Sun Tzu’s legendary The Art of War to business situations and the challenges of everyday life, illustrating its points with anecdotes about leaders and celebrities from around the world and across history who have exemplified Sun Tzu’s strategies. Chinese security might see the book as an effort to appropriate or trivialize history, the study of which the Communist Party tightly controls, or they might be concerned about the book’s references to counterterrorism strategy.
Forbes noted the app searches for more than 70,000 targeted files. One of them is the Quran, the holy book of Islam.
The spy program is capable of extracting the user name of the phone’s owner from other applications installed on the device, which would help Chinese agents penetrate their online accounts. Among the applications it searches for are Virtual Private Network (VPN) tools, often employed to evade Internet censorship by authoritarian regimes like China, and encrypted communications software such as WhatsApp.
The Guardian spoke with a traveler who said his phone was confiscated without warning or explanation and taken to a separate room so the spy program could be installed once he complied with demands to unlock the device. He had been advised by his travel agency that his phone would probably be tampered with, but he expected something along the lines of GPS tracking software, a possibility he found less alarming because every inch of Xinjiang is already blanketed with electronic surveillance.
The surveillance app appears on infected phones with a default icon and a name in Chinese that roughly translates to “bees collecting honey,” which suggests the designers at least had a sense of humor. According to travelers the Guardian and its partners interviewed, the Chinese police do not always remove the app when visitors depart Xinjiang.
Forensic experts were unable to determine exactly what the Chinese do with the information looted from phones by the spyware app and uploaded to a server at the border control office. CNN reported on Wednesday that the Chinese Foreign Ministry claimed it has “never heard of” the Xinjiang spyware program.
It remains to be seen how various other governments will respond to the revelation that China’s “mass and unlawful surveillance,” as Human Rights Watch called it, has been extended to foreign nationals. Governments preparing to do business with China for 5G wireless Internet technology would do well to ponder this latest demonstration of how little the Chinese Communist Party respects data privacy, including the privacy of foreigners, and remember that all Chinese companies are required by law to cooperate fully and quietly with Communist intelligence agents.