Chinese Border Guards Place Malware on Travellers' Phones

Chinese authorities are installing malware onto the phones of travellers crossing the border into the Xinjiang region.

Border guards have been seizing phones at the Irkeshtam border crossing with Kyrgyzstan. iPhones are connected to a machine that scans them, while a surveillance app (malware) is installed on Android phones.

The information gathered includes emails, texts, calendar entries and phone contacts, as well as any other 'problematic' files that match the 73,000+ items listed in the app's code. Among them are terms linked with Islamist extremism and various weapons operation manuals, but also subjects such as the writings of the Dalai Lama. Even music from a grindcore band is on the list.

Kyrgyzstan is a predominantly Muslim nation and an estimated 1.5 million Uighurs and other Muslims, many of whom are being held in 're-education' centres, live in The Xinjiang region, where facial recognition cameras, CCTV, and physical searches are a part of daily life.

"We already know that Xinjiang residents, particularly Turkic Muslims, are subjected to round-the-clock and multidimensional surveillance in the region," said Maya Wang, China senior researcher at Human Rights Watch. "(This) suggests that even foreigners are subjected to such mass and unlawful surveillance."

The campaign group Privacy International, said the findings were "highly alarming in a country where downloading the wrong app or news article could land you in a detention camp. This is yet another example of why the surveillance regime in Xinjiang is one of the most unlawful, pervasive and draconian in the world."

No one is sure of what happens to the information or how long it is kept. When travellers leave Xinjiang, the app is removed. In most cases. There is no evidence showing that anyone has been tracked after leaving the region, however authorities have the ability use the information they have to find someone.

This story is based on a collaboration by the New York Times, the Guardian, Motherboard, Süddeutsche Zeitung, and the German public broadcaster NDR.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.