China Is Installing Android Malware on Tourists’ Phones

China Is Installing Android Malware on Tourists’ Phones

China has famously invasive security and surveillance operations, but activists report at least one region of the country has gotten even more Orwellian. Multiple news agencies have joined forces to analyze a new piece of malware, which Chinese border agents are forcing tourists to install on their phones. The software copies messaging, contacts, and searches phones for thousands of different documents.

Tourists report they’ve encountered this new device search when entering the Xinjiang region, which is home to the Uighur population. Millions of these ethnically Turkic Muslims live in China, almost all of them in Xinjiang. Beijing has been openly hostile toward the Uighur for years, including the use of mass surveillance and detention camps. The new malware, known as BXAQ or Fengcai, seems aimed at tracking Uighur populations and their sympathizers.

Fengcai is a standard Android app, but it has a huge number of sensitive permissions (see below), and it abuses those permissions to the extreme. Border agents have to side-load the app, which means bypassing several layers of protection that prevent users from accidentally installing unverified apps. After installation, the app copies the phone’s messaging history, calendar entries, contacts, and account details to a Chinese server.

China Is Installing Android Malware on Tourists’ Phones

After copying data, Fengcai searches the phone’s storage for more than 70,000 documents. Some of those are extremist Islamic material, but just as much of it is innocuous content like the Quran, information about the Dalai Lama, and scholarly books on the Islamic world. It even looks for songs by a Japanese metal band called Unholy Grave, which has a song about Taiwan.

Fengcai is designed to be uninstalled after collecting data — there’s even a large “uninstall” button in the app. It would appear border guards aren’t bothering to make people remove it, though. Motherboard has uploaded a copy of the Android APK to GitHub, but you probably shouldn’t install it. There are no reports of Fengcai being forced on tourists in other regions of China, but it wouldn’t be surprising to see something similar show up.

Continue reading

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.

Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021
Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021

The 888 comes with a new CPU design, integrated 5G, and a massive GPU boost. It's shaping up to be the most significant update to Qualcomm's flagship system-on-a-chip (SoC) in years.

Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon

Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.

It Turns Out Huawei’s HarmonyOS Is Still Just Android
It Turns Out Huawei’s HarmonyOS Is Still Just Android

Following the Commerce Department's actions against the Chinese megafirm, Huawei has been unable to use Google services on its new phones. The company's solution was to develop HarmonyOS, but now that we've gotten our first real look at it, one thing is clear: this is just Android with a skin.