Visitors to Xinjiang in northwest China are experiencing a nasty surprise in the form of a spyware app that’s being forcefully installed on their phones.
As Vice reports, tourists are being stopped at Chinese borders in the Xinjiang region and having their smartphones seized. Border guards then install an app called Fengcai or BXAQ, which proceeds to collect all personal information including text messages, calendar entries, phone contacts, call logs, and a list of the installed apps. All the data is then sent to a remote server for review.
As well as collecting personal information, Fengcai has been found to check the content against a list of 73,000 items flagged as being suspicious or worth further investigation. Some of these items are legitimate, for example, instructions on how to make weapons, but then the list also includes books written in Arabic, audio of the Quran being read, and documents relating to the Dalai Lama.
For now, it’s thought Fengcai only works with Android smartphones and is added to a device through side-loading. However, iPhones are also seized and border guards plug them into a handheld device. It seems likely the guards have access to a device capable of bypassing security and grabbing all the personal information from an iOS phone, like the device Cellebrite supplies to law enforcement agencies.
Fengcai was developed by Ninjing FiberHome StarrySky Communication Development Company Ltd. and then distributed by Chinese authorities. As you’d expect, neither is willing to talk about the use of spyware and forced smartphone seizures. So if you do intend on visiting the Xinjiang region, it’s best to leave your smartphone at home, or at the very least run the best security solution you can on it.