Chinese police are installing intrusive data-harvesting software on ordinary citizens’ smartphones during routine security interactions with people even when they are not suspected of any crime, new research shows.
The move suggests Chinese police are using highly invasive surveillance techniques, similar to those deployed in the restive western region of Xinjiang, in the rest of China.
The software, a smartphone application called MFSocket, provides access to image and audio files, location data, call logs, messages and the phone’s calendar and contacts, including those used in the messaging app Telegram, French security researcher Baptiste Robert said.
The MFSocket application is installed on the phone by connecting it to a computer with the necessary software. The application then opens a port that allows the device’s data to be extracted, he said.
The move underlines how China is stepping up investment in its so-called “surveillance state” as the Communist party under President Xi Jinping tightens its grip on dissent.
For nearly a decade, China has spent more on internal security than on its already considerable defence budget, pouring resources into a vast network of cameras and applications that use artificial intelligence and cloud computing to identify and track China’s 1.34bn people.
Chinese internet users have complained online about police installing the MFSocket application on their smartphones — often during everyday interactions such as passing through subway security checks — in a series of incidents recently documented by Xiao Muyi, an editor at the online magazine ChinaFile.
Many of the accounts involve people having their phones scanned when they go to the police to register after moving to a new city — a requirement in some places in China. Other checks occur when they apply for a new identity card, are stopped at security barriers, or are involved in others of the many interactions with police that are considered routine in China.
In January, one internet user said on the popular review website Douban.com that the police had installed the app on the user’s handset, according to the device’s smartphone log. This occurred when the user was briefly detained by local authorities for sharing a news article from an outlet blocked in mainland China.
Edward Schwarck, a doctoral candidate studying Chinese public security at the University of Oxford, said the use of the MFSocket app showed that police were attempting to move towards “intelligence-led” policing — investigations designed to anticipate illegal acts before they happen.
“The end result is that the security state is becoming much more resilient. They are not just responding to threats any more but are pre-empting them,” said Mr Schwarck.
The tactic is similar to surveillance methods used by China in Xinjiang, where an estimated 1.5m Muslims are being detained in internment camps, analysts said.
In a separate piece of research released this week, Berlin-based cyber security firm Cure53, in collaboration with Motherboard, Süddeutsche Zeitung, Guardian, New York Times, and German broadcaster NDR, found that Chinese police were also installing invasive data extraction software on phones at the border between Xinjiang and Central Asia.
The software is installed on the smartphones of foreign tourists and traders crossing the border and collects data such as call logs, text messages and contacts, which it uploads to a local police server, Cure53 found.
The app, called Fengcai or BXAQ, also checks files on the phones against a list of more than 70,000 “forbidden” files and “appears to be used surreptitiously — installed, used, and uninstalled in a single session”, it said.
Security researcher Mr Robert said the MFSocket application was almost certainly developed by Chinese electronic forensics company Meiya Pico, based on certificates attached to the software.
Neither Meiya Pico nor China’s public security department responded to requests for comment.
* This story has been amended to be more specific about the kind of security checks in which the app is being deployed