A report from the German cybersecurity firm Cure53 suggests the Chinese communist party’s app, Study the Great Nation, has ‘superuser’ access to over 100 million Android devices. It notes the app has a backdoor through which the government can access messages, photos, contacts, and internet browsing history of these handsets.
When a researcher at the agency inspected the app, they found coders have ‘deliberately used’ weak encryption in functions like mail and biometric authentication. Plus, it stores files on the phone’s storage in a way other apps can read data from them. This is dangerous if the government has other apps on your phone, they can easily read all data stored by this app and send it back to the authorities.
More shockingly, the report notes that the app has a backdoor-like command line that executes ‘superuser’ commands to increase its access to a phone’s data without explicitly asking for root access. Through this root access, authorities can track your location, activate audio recording, or call a number on your behalf without your knowledge.
The investigation was commissioned by Open Technology Fund, an initiative by the US government under Radio Free Asia program. Its director for research, Adam Lynn, told the Washington Post it’s uncommon for such an app to have root access and for coders have gone to lengths to hide its modes of operation:
The access itself is significant. The fact that they’ve gone to these lengths [to hide it] only further heightens the scrutiny around this. It can take over the entire device, and it could be sending back information.
The State Council Information Office of China has denied all allegations.
The app, initially published in January, has been reportedly used by the party to push its propaganda. It launched several campaigns on social networks such as WeChat and Weibo to encourage people to install the app. As WaPo noted, the party has issued directives to its members to download the app and several workplaces have also mandated its use.
Such apps are detrimental to user privacy and their activities on the internet. China’s already known for a tightly walled internet and incidents like this won’t help its already muddy international image in the technology world.