Security Researchers Find Android Backdoor in Xi Jinping Thought Study App
2019-10-14 - A patriotic app promoted by the Chinese Communist Party as a tool for ideological education contains a security backdoor enabling remote access to Android smartphones, security researchers have found.
"Study the Great Nation," or Xuexi Qiangguo in Chinese, has been aggressively promoted by the ruling party, government departments and state-owned enterprises in China, with more than 100 million users to date, according to government figures.
The Huawei app store has reported more than 300 million downloads alone, with users taking part in political quizzes and study sessions, gaining scores that are compared with others in their social and professional circle.
A recent investigation by the Open Technology Fund (OTF) and security researchers at Cure53 into the app found that it "contains code resembling a backdoor which is able to run arbitrary commands with superuser privileges."
It is likely, judging from the code, that the backdoor was created and is maintained by Alibaba or Alibaba Cloud, the report said.
It found that the backdoor would work on rooted devices–such as smartphones running the Android operating system–to grant someone superuser privileges enabling them to change anything they wish on that particular device.
"Having superuser privileges gives you the power to do anything, such as download any software, modifying files and data, or install a keylogger," the OTF said in a statement on its website.
The app scans for the ability to access the root of the phone, it said, meaning that phones running Linux-based systems like Android would be vulnerable.
"If successful, it would be able to receive and potentially execute commands," the statement said.
Since Chinese president Xi Jinping came to power in 2012, he has abolished term limits for the presidency, and is currently embarked on a second, indefinite term in office.
His administration has engaged in ever-widening efforts to strengthen the Communist Party's grip on all forms of public expression, and the app represents one of the most ambitious forms of political indoctrination the ruling party has ever undertaken.
At the heart of the app's content is the concept of Xi Jinping Thought on socialism with Chinese characteristics in the new era, a hodgepodge of ideas that include strong nationalistic fervor in the form of "self-confidence," and a commitment to export the Chinese model of government around the world, in a direct challenge to "Western" liberal notions of democracy, human rights and the rule of law.
According to the OTF, the Chinese government recently announced that the app will also deliver political testing to Chinese journalists, all of whom will be required to take a test of their loyalty to the party in order to have their press credentials renewed.
The investigation by security researchers specifically focused on Android operating systems, which accounts for around 80 percent of the Chinese smartphone market.
The study also found that Study the Great Nation actively scans to find other apps that are running on the user's device, including travel apps like TripAdvisor and Airbnb; chat apps like WhatsApp, Kakao Talk, Facebook Messenger, and Skype; navigation apps like Baidu maps and Uber; Amazon Kindle and various payment apps.
The app also weakens encryption when it collects and transfers large amounts of personal user data, "seemingly by design," the study said.
Additionally, the app collects general information such as the device's unique IMEI number, connection information, information about app usage sessions, and location, which is then sent to a domain owned by Alibaba.
"Log files are created daily, so it would appear that this information is collected and sent on a daily basis," the OTF statement said.
"Study the Great Nation boasts technical capabilities that go well beyond what it purports to do, and maintains a level of access that no app would normally have over a user's device," it said. "It is deeply concerning and alerting that the app could possibly obtain a pervasive level of access and the ability to run arbitrary commands on a user's device."
Blocking digital totalitarianism
Taiwanese political commentator Yeau-Tarn Lee said the world should start thinking about how to block the digital version of the CCP's totalitarianism.
"If we are to reevaluate our view of the Chinese Communist Party, everyone needs to be very clear about one thing: that the top-down dictatorship of the regime is still the same," Lee told RFA.
"It is now engaged in a high-tech and evolving form of totalitarianism," he said. "We're not just talking about the manipulation of 1.3, or 1.4 billion people, but also the monitoring of what the rest of the world is doing."
Netherlands-based commentator Lih Lii said the Chinese government is sensitive to the slightest perception of a threat to its power.
"The Chinese authorities can fully monitor users by accessing the privileges and data on their smartphones," Lih said. "I'm not surprised that Alibaba is involved in this, because it is a government-backed company."
"But the brainwashing function [of this app] is still probably more important that its ability to control their private [data]," he said. "Everyone knows they are under total surveillance, but they dare not say a word about it to anyone, so this has a chilling effect."
Cult of personality
U.S.-based legal expert Teng Biao said the app is part of Xi's bid to build a cult of personality around himself.
"This has been going on for a few years now," Teng told RFA. "Ever since Xi Jinping came to power, especially since he consolidated his power, they have rolled out mass political study on a huge scale to sculpt Xi's public image."
"They are now engaged in a personality cult around Xi Jinping in every corner of China, and the language that we saw during the Mao era is now being revived," he said. "They have also been pushing people to download and install the Study the Great Nation app."
The security researchers' findings come after the Chinese government mulls new regulations under which any Communist Party member who speaks against government policy, the socialist system, or who takes part in strikes, protests, demonstrations or religious activities "undermining national unity" will be expelled from the party.
Sanctionable offenses will include posts, speeches, declarations or statements that openly oppose the leadership of the Communist Party, oppose the socialist system, and oppose the policies of the last few decades.
Reported by Ng Yik-tung and Sing Man for RFA's Cantonese Service, and by Xi Wang and Qiao Long for the Mandarin Service. Translated and edited by Luisetta Mudie.
|Join the GlobalSecurity.org mailing list|