In an event that surprised precisely no one, a Chinese propaganda app was found to have a backdoor that can theoretically be used to spy on its users. In a country where extreme censorship and government control over all information coming in and going out are both normal practice, no one should be shocked to learn that state sponsored apps may not be safe for privacy focused smartphone users.
What the App Does
The app’s name translates to Study The Great Nation, and was launched by China’s Communist Party. The party claims the app was created to educate users on Chinese history and the ideology of their authoritarian leader, Xi Jinping. Think Mao Zedong’s Little Red Book, but for the modern age.
The app presents over 100 million users with news articles, facts, and stories surrounding the government. It even encourages users to participate in quizzes about Xi Jinping and China’s politics, featuring a leaderboard that gives them incentive to become competitive learners.
With so many internet restrictions in place, entertainment apps are hard to find in China’s App Store. Since Google is blocked in China, no one has access to the Google Play Store for their android devices. This app created a trap that was easy for the citizens of China to fall right into. Not only does it serve as an indoctrinating propaganda tool, it also serves as yet another easy surveillance tool for the Chinese government.
The Backdoor That Was Found
Cure53, a Germany based cybersecurity firm, was contracted by The Open Tech Fund to research this seemingly suspicious app. Cure53 made some troubling discoveries when attempting to look further into Study The Great Nation. The app was designed in such a way that the code could not easily be dissected, leaving many features and permissions ambiguous to the cybersecurity researchers.
The group was able to find that commands can be run by anyone with “superuser” privileges. In this case, the superuser is the Chinese government. The government can view photos, contacts, and text messages on smartphones where the app is downloaded. It can also access the device’s microphone and use the phone as a covert recording device. These superuser privileges effectively allow the government to become the administrator of the entire smartphone, even to the point of installing tracking or monitoring software without the device owner’s permission.
Many people who downloaded the app didn’t look carefully at the fine print to discover just how many permissions the app required. In essence, downloading the app and agreeing to the permissions is exactly the same as transferring ownership of your phone to the government. Suspiciously, attempts were made to hide or downplay what these permissions truly did. No app should ever require the permissions that Study the Great Nation does, and short of malicious surveillance, these permissions have absolutely no purpose.
Cure53 was unable to discover if, when, and how these permissions had been used. There’s no way to tell how the app is accessed by the government on any specific individual’s device simply by looking at the app’s code. Given the circumstances, it’s reasonable to assume that no one who has downloaded the app has any expectation of privacy on their smartphones.
What to Do if You Have the App
If you’ve downloaded the app, there’s no telling what has already transpired. The Chinese government can have access to nearly anything on your phone, and may have already installed covert malware. Until devices that have the app are individually tested, there’s no way to know how much damage has been done. Replacing the affected phone (or at the very least performing a full factory reset) may be the only way to eliminate the government’s access to an impacted device.