China's App Allows "Superuser" Access to Entire Data of Over 100 Million Android-Based Phones

By CircleID Reporter
China's App Allows

The Chinese Communist Party's app called 'Study the Great Nation' released in January is reported to have "superuser" access to the entire data of over 100 million Android-based phones via a backdoor. The propaganda app, billed as an educational tool, has been promoted aggressively throughout the year. The app was analyzed by the human rights activist group, Open Technology Fund (OTF), in partnership with the German cyber-security firm Cure53. "Earlier this year, it became the most downloaded app on the Chinese App Store, and the Chinese government claims that it now has over 100 million users," reports OTF, which revealed the results over the weekend. It adds: "The numbers are sky-high, with the Huawei store reporting 300 million downloads, and Wadoujia 195 million downloads. 'Study the Great Nation' features content like news articles and quizzes alongside a leaderboard where users' scores can be viewed alongside those of their coworkers."

What the audit found about the app's backdoor capabilities:

Superuser Privileges: "Contains code that amounts to a backdoor to rooted devices, essentially granting complete administrator-level access to a user's phone."

Scanning Apps: "Study the Great Nation actively scans to find other apps that are running on the user's device, drawing from a list of 960 applications."

Weak Encryption by Design: "While Study the Great Nation collects and transmits large amounts of personal user data, the app's security is weakened - seemingly by design - through the use of weak cryptographic algorithms in areas containing information linked to users' biometric data and emails."

Detailed Log Reports: "Cure53 also found that the app collects general information such as the device's unique IMEI number, connection information, information about app usage sessions, and location."

Related topics: Internet Governance, Privacy

Comments