Travelers attempting to cross into China's Xinjiang region from neighboring Kyrgyzstan have reportedly had spyware installed on their smartphones by border agents.
According to a recent investigation by the Guardian, The New York Times and Süddeutsche Zeitung, border agents have been requiring tourists to hand over their phones and the passwords to unlock them before being allowed to cross the border. The devices are then taken to another room where border agents can snoop through them.
iPhones are plugged into a machine that scans through their contents while Android smartphones are compromised even further by having a spyware app installed on the device which scans its contents and collects data.
- Spyware-laden 'privacy' extensions and apps affect over 11 million users
- China planning its own blacklist after Huawei ban
- US could blacklist up to five Chinese surveillance firms
The app installed on Android devices is named Fēng cǎi which has no direct translation in English but relates to bees collecting honey in a similar way to how the Chinese border agents are collecting user data.
Fēng cǎi app
The Fēng cǎi app collects a user's phone contacts, text messages, call history and calendar entries while also making a note of which apps are installed on the device as well as what usernames are used in certain apps. All of this data is then uploaded to a server according to the reports.
The app also scans the phone for more than 73,000 files looking for a wide range of material including extremist content, Quran excerpts and even music from the Japanese metal band Unholy Grave.
The app is supposed to be deleted once the scans are complete but border agents seemed to have forgotten this step several times which led to its eventual discovery when travelers took their phones with the app installed, back to reporters in Germany. The group of publications working together on the story then sought out experts to analyze exactly what the spyware was doing.
The spyware can be deleted after the initial scan as it appears that it does not continue to send information back to Chinese authorities.
China's Xinjiang region is all too familiar with this kind of surveillance as facial recognition and other tactics are often deployed to spy on Uighur Muslims who China views as a threat to its stability.
- We've also highlighted the best VPN services of 2019
Via The Verge
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.