China Has Gained the Ability To Spy On More Than 100 Million Citizens Via a Heavily Promoted Official App, Report Suggests (bbc.com)
Security researchers believe the Chinese Communist Party's official "Study the Great Nation" app has a backdoor that could help monitor use and copy data from those who have it installed on their devices. The BBC reports: Released in February, Study the Great Nation has become the most downloaded free program in China, thanks to persuasive demands by Chinese authorities that citizens download and install it. The app pushes out official news and images and encourages people to earn points by reading articles, commenting on them and playing quizzes about China and its leader, Xi Jinping. Use of the app is mandatory among party officials and civil servants and it is tied to wages in some workplaces.
Starting this month, native journalists must pass a test on the life of President Xi, delivered via the app, in order to obtain a press card which enables them to do their jobs. On behalf of the Open Technology Fund, which campaigns on human rights issues, German cyber-security firm Cure 53 took apart the Android version of the app and said it found many undocumented and hidden features. In its lengthy report, Cure 53 said Study the Great Nation had "extensive logging" abilities and seemed to try to build up a list of the popular apps an individual had installed on their phone. It was "evident and undeniable that the examined application is capable of collecting and managing vast amounts of very specific data," said the report. The app also weakened encryption used to scramble data and messages, making it easy for a government to crack security. Adam Lynn, research director at the Open Technology Fund, told the Washington Post, which broke the story: "It's very, very uncommon for an application to require that level of access to the device, and there's no reason to have these privileges unless you're doing something you're not supposed to be."
The security company didn't find evidence that this high-level access was being used, but said it's not clear why an educational app would need such access to a phone.
#realjourno (Score:2)
ban it (Score:2)
Re: ban it (Score:2)
It is included in Apple's Chinese App Store https://en.m.wikipedia.org/wik... [wikipedia.org] but I can't find if it's included in Google Play (can't find it here, but I'm not in China).
Re: (Score:2)
Re: ban it (Score:2)
I actually didn't remember if Google Play was just heavily self-censored in China or banned outright, so thanks for the info.
More than heavily "promoted" (Score:1)
Sounds more like mandated.
But... That's China. Here in the west, we give it up for nothing with no pressure at all.
Re: (Score:2)
Re: (Score:2)
Sounds more like mandated.
But... That's China. Here in the west, we give it up for nothing with no pressure at all.
Even there it is not mandated. Just living without it is as difficult as living without a credit score in the West.
Re: (Score:2)
100 Million isn't all that much in China.
Re: (Score:1)
Also, free speech is worthless because people are already giving maximum attention to American Idle.
Re: (Score:1)
Also, free speech is worthless in the west because people are already giving maximum attention to American Idle.
Truly, China offers a glimmer of hope for freedom.
Re: (Score:2)
The security company didn't find evidence that this high-level access was being used, but said it's not clear why an educational app would need such access to a phone.
In other words, we saw a puff of smoke, and assumed it must be due to arson.
Why can't these guys wait until they've completed sufficient research before publishing such hype. Oh wait, 'journalism', as you were.
It seems better to warn people when you see the puff of smoke than to wait until the flames appear and 100M people are caught up in the flames.
Re: (Score:2)
I'm not talking about the initial 'lengthy' report, which contains sufficient detail to draw a valid conclusion and provide an appropriate declarative warning. I'm talking about the little weasel worded 'disclaimer' tossed in at the end implying we don't have sufficient info to draw a conclusion, but we'll imply one anyway.
The Chinese government standard operating procedure is to spy on the population, so it is expected they are probably doing so and were caught in the act. I would have expected a much stro
Re: (Score:2)
When there is smoke coming out of the door of my neighbor, I call the fire department. I don't wait 'til the door is on fire so I can be sure.
New Employment Opportunity (Score:2)
China announces the new great "Study The Great Nation" employment opportunity. Do you have what it takes, can you "Study The Great Nation" on behalf of many others, to create the best score for your clientele. Join the "Study The Great Nation" consultancy now, and earn the most points you can for as many as you can, be a great 'Studier' be the best you can be as many times as you can be.
This silly stuff reminds me of the time when lots of Chinese were playing MMOs for profit, playing the game so others did not
Re: (Score:2)
Except they're building facial recognition into Internet access...
Negative social credit (Score:2)
Bonus credit for reporting people who have not yet installed the "Study the Great Nation" educational app.
App has quizzes about Xi and the Party (Score:5, Informative)
My wife, who is Chinese and still has her family in China, told me about what is probably the app in question. Apparently, people need to take quizzes regarding Xi/Party philosophies regularly with this app now. This is in addition to several other policies like having to record your children watching certain propaganda shows.
Re: (Score:2)
Re: (Score:3)
This is in addition to several other policies like having to record your children watching certain propaganda shows.
It seems apparent that the Chinese leadership interpreted Nineteen Eighty-Four as an instruction manual rather than a warning.
Eastasia, indeed.
Re: (Score:1)
So, pretty much as in the west.
I like how here in the west it's taken *extremely* literally [technobuffalo.com]. Orwell would be impressed.
Re: (Score:2)
Warning the United States of America has gained the opportunity to spy on https://www.worldometers.info/... [worldometers.info] that many people via these apps, Google Search, Facebook, Twitter, M$ Windows (especially 10 uniquely personally identified and back doored from the get go) and of course Android because Alphabet/Google (get it the sick humour, the all alphabet agencies spying on you and look there's the corporation wanting to contract it all, all hugs and smooches and don't be evil, yep, uh huh, NAHHH. You accept thi
Re: (Score:2)
It seems like any Android app you install, down to the free fleshlight app, wants every privilege under the sun as a default. I wish XPrivacy were still maintained because you could give an app privs everywhere... but the data it would get would be bogus or random, mitigating the security disaster. The newer priv model does help, but some apps still demand a ton of stuff at install time, and it is all or nothing.
That's nothing ... (Score:3)
... Google, Facebook and Microsoft do a shit load better than that.
LeBron James (Score:2)
Has this app on his phone.
App Name: Happy Good Time Citizen App (Score:1)
Re: (Score:2)
Funny, they all say the opposite...
Well, at least the ones that were available for comment and not on extended vacation.
100 Million? (Score:1)
Way behind the US government / FaceBook then?
Re: (Score:2)
The difference maybe being that your employment opportunity as well as your credit rating are independent of having a Facebook account.
Re: (Score:1)
https://careers.workopolis.com... [workopolis.com]
Re: (Score:2)
Yes, that's why you should always have some fake profiles ready. I use Facebook exactly for this purpose.
But it's far from mandatory. You can also just NOT use it.
Re: (Score:1)
Yeap, I can not use it but.... https://www.businessinsider.co... [businessinsider.com]
Backdoors on the App Store (Score:4, Insightful)
"The app contains code resembling a back door, which is able to run arbitrary commands with super-user privileges," said the report.
Apple is so notoriously paranoid about execution of remote code that they don't even allow third-party browser engines on their App Store - yet they approved this?
Re: (Score:3)
Really nice company you got there, be a shame if something were to happen to it.
Re: (Score:2)
The report is solely about the Android version. The researchers did not look at the iOS version.
What has me scratching my head is how an Android application even has so much access. I would have expected much better sandboxing/privilege separation.
Re: (Score:2)
The report is solely about the Android version. The researchers did not look at the iOS version.
They listed the iOS version as one of the sources
Sources for obtaining the app during this analysis
https://www.xuexi.cn/ [xuexi.cn]
https://apps.apple.com/cn/app/... [apple.com] %E5%9B%BD/id1426355645
https://h5.xuexi.cn/page/downl... [xuexi.cn]
But yeah, it looks like they only talk about the Android version in the report. Wonder if they analyzed both and if there were any differences.
Re: (Score:2)
Found the answer here. [washingtonpost.com]
Correction: This article has been updated to clarify that the Cure53 researchers audited only the version of the app available through Android operating systems and did not investigate the version of the app available on Apple’s iOS.
In other words (Score:5, Funny)
In Soviet... (Score:2)
So the time for the "in Soviet" joke?
In Soviet China, great leader studies you!
Re: (Score:2)
Re: (Score:2)
Workaround (Score:2)
Okay, if a Chinese national working in their local government needs this app to get wages or a press pass as a member of the local media, what's stopping them from buying a separate phone devoid of any information other than the sheer basics to use this app?
Seems pretty simple, though I'm thinking most regular folk in China won't be aware of this idea, or aren't able to afford a secondary smartphone for such a purpose.