China installing smartphone app to steal Xinjiang visitors’ personal data


(, Jul04’19) – China uses smartphone surveillance not just on is citizens in Xinjiang but also on tourists visiting the so-called autonomous region, according to a joint investigation by Motherboard, Süddeutsche Zeitung, the Guardian, the New York Times, and Germany’s NDR. Foreigners crossing into Xinjiang are “forced to install a piece of malware on their phones that gives all of their text messages as well as other pieces of data to the authorities,” reported Jul 2.

In May this year, Human Rights Watch (HRW) exposed details of a smartphone app used by the police in Xinjiang to tightly monitor its oppressed citizens in the region. The app was said to be designed to draw automated inferences as to which citizens should be detained or investigated on the basis of their smartphone activities.

The report noted that at a number of border crossings, guards take phones from visitors to the region and install the malware—called BXAQ or Feng Cai—which scans the device for files against a target list, including “Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band.”

Across more than 70,000 target files, the app was also reported to have been found to search for installed copies of the Quran.

Once installed on an Android phone, by “side-loading” its installation and requesting certain permissions rather than downloading it from the Google Play Store, BXAQ collects all of the phone’s calendar entries, phone contacts, call logs, and text messages and uploads them to a server, the report cited an expert analysis as saying.

IJOP (Integrated Joint Operations Platform), the app installed on the Xinjiang people’s mobile phones, is said to be even more intrusive. Through it authorities can identify and label “many forms of lawful, every day, non-violent behaviour—such as ‘not socializing with neighbours, often avoiding using the front door’—as suspicious,” the report said.

The IJOP app is said to detect “51 network tools, including many Virtual Private Networks (VPNs) and encrypted communication tools, such as WhatsApp and Viber”.

Both the apps are seen as being skewed towards Islamic visitors to the region, with most of the targeted files being related to Islamic terrorism. They included “ISIS recruitment materials in several languages, books written by jihadi figures, information about how to derail trains and build homemade weapons.”

But apart from such prohibited material, “there were audio recordings of Quran verses recited by well-known clerics, the sort of material that many practicing Muslims might have on their phones, there were books about Arabic language and grammar, and a copy of ‘The Syrian Jihad,’ by the researcher Charles R. Lister” in the prohibited list, the report said.

The latest smartphone malware app “provides yet another source of evidence showing how pervasive mass surveillance is being carried out in Xinjiang,” HRW’s Maya Wang was quoted as saying, telling the reporters behind this latest exposure that “what you’ve found goes beyond that—it suggests that even foreigners are subjected to such mass, and unlawful surveillance.”


Please enter your comment!
Please enter your name here