
KEY POINTS

An app promoting Chinese leader Xi Jinping's ideology has flaws that could potentially allow Beijing to control hundreds of millions of users' smartphones, a new report claims.

"Study the Great Nation" or "Xuexi Qiangguo" in Chinese had code "resembling a backdoor," Cure53 and the Open Technology Fund found.

The research implicated Alibaba in allowing the "backdoor" in the app, but the Chinese technology giant denied such a flaw existed.

This photo illustration taken on February 20, 2019 shows a phone app called "Xuexi Qiangguo" with an image of China's President Xi Jinping in Beijing. Greg Baker | AFP | Getty Images

An app promoting Chinese leader Xi Jinping's ideology has flaws that could potentially allow Beijing to control hundreds of millions of users' smartphones, a new report claims. "Study the Great Nation" or "Xuexi Qiangguo" in Chinese is billed by China's Communist Party as an educational tool and it contains videos and articles about Xi's ideology, as well as the ability for users to earn points by doing quizzes or commenting on pieces. It is developed by the Chinese government. But a teardown of the Android version of the app by German cybersecurity firm Cure53, which was commissioned by the U.S. government-backed Open Technology Fund, highlighted security holes that could let Beijing snoop on users.

'Superuser privileges'

Cure53 found code in the app "resembling a backdoor which is able to run arbitrary commands with superuser privileges." If that code was deployed, it would grant a person system-wide administrative access, meaning they could download software, modify data or even install a keylogger to see what people were typing.

"And while the investigative method utilized does not allow us to observe the ways in which that backdoor is being exploited (if at all), the audits could find no legitimate reason why an app of this nature would seek to run commands on users' phones with high privileges levels," Cure53 noted.

The Xi ideology app also scans for other apps installed on a person's device which the researchers note is "no way relevant to the purported purpose of the app, which leads us to speculate as to why this mass data collection is needed by the CCP (Communist Party of China)."

The State Council Information Office, responding on behalf of the Chinese government's propaganda department, told the Washington Post that the app did not have the functions the report suggests. "We learned from those who run the Study the Great Nation app that there is no such thing as you have mentioned," the office said. A spokesperson for the State Council Information Office wasn't immediately available for comment when contacted by CNBC.

Alibaba link

The Open Technology Fund and Cure53's analysis alleges that Alibaba is complicit in allowing weak security on the app. The Chinese e-commerce giant acknowledged earlier this year that the app was built using DingTalk's software. DingTalk is Alibaba's instant messaging service. Cure53 said the code it alleges amounts to a backdoor could be linked back to Alibaba or Alibaba Cloud. A DingTalk spokesperson denied that this is the case. "DingTalk is an open technology platform, and its suite of technology tools can be used for independent development of other applications and does not have any 'backdoor code' or scanning issues," the spokesperson said.

Mass user base