Kryptowire, a security firm, recently
several models of Android mobile devices that have preinstalled permanent software that serves as backdoor collecting sensitive personal data, including text messages, geolocations, contact lists, call logs, and transmits them to a server in Shanghai,
Without users' consent, the code can bypass Android's permission model. This could allow anyone interested in a mobile user's data -- from government officials to malicious hackers -- to execute remote commands with system privileges and even reprogram
The firmware was developed by Chinese company Shanghai ADUPS Technology Company. ADUPS confirmed the report with a bollox statement
claiming that it was somehow to do with identifying junk texts.
Kryptowire's research reveals that the collected information was protected with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai. The data transmission occurred every 72 hours for text messages
and call log information, and every 24 hours for other personally identifiable information.
ADUPS also explained that the "accustomed" firmware was 'accidentally' built into 120,000 mobile products of one American phone manufacturer, BLU Products. After BLU raised the issue, ADUPS explained that the software was not designed for
American phones and deactivated the program on Blu phones.
The news has been widely reported in foreign media as ADUPS is among the largest FOTA (firmware over the air) providers in the world. The company provides a cloud platform for mobile device management to over 700 million active users in 200 countries,
which is equivalent to 70% of the global market share as it works closely with the world largest cheap mobile phone manufacturers ZTE and Huawei, both of which are based in China. In 2015 alone, Huawei sold more than 100 million smartphones.
Chinese netizens have not been surprised by the news. Reports about spyware preinstalled in Chinese mobile brands have circulated for many years among mainland and overseas Chinese speaking-communities. In 2014,
Hong Kong Android Magazine
reported that Xiaomi's smartphones designed for overseas markets were automatically connecting to an IP in Beijing and that all documents, SMS and phone logs, and video files downloaded were being transmitted to a Beijing server.
China's newly passed Cybersecurity Law has provided legal ground
for the smartphone's backdoor operation. The law requires "critical information infrastructure operators" to store users' "personal information and other important business data" in China.
In response to the news, many Chinese netizens are pointing out the abusive use of personal data and government surveillance has become the norm.
Residents of Xinjiang, an ethnic minority region of western China, are being forced to install spyware on their mobile phones.
On July 10, mobile phone users in the Tianshan District of Urumqi City received a mobile phone notification from the district government instructing them to install a surveillance application called Jingwang (or Web Cleansing). The message said
the app was intended to prevent [them] from accessing terrorist information.
But authorities may be using the app for more than just counter-terrorism. According to an exclusive report from Radio Free Asia, 10 Kazakh women from Ili Kazakh Autonomous Prefecture were arrested for messages sent to a private WeChat group chat
soon after they installed the app.
The notification from police said the application would locate and track the sources and distribution paths of terrorists, along with illegal religious activity and harmful information, including videos, images, ebooks and documents.
Jingwang's website describes the application as follows:
Jingwang is a protection service with an adult and child categorization system introduced by Jiangsu Telecom. The main function is to block pornographic websites, online scams, trojan horses, and phishing sites; to alert users of how much time
they spend online; and to enable remote control of one's home network. The tool is intended to help kids develop a healthy lifestyle by building a safe web filter for the minors.
Of course, any tool with these capabilities could be used in multiple ways. For example, the app's remote control feature could enable state actors or even hackers to manipulate or steal from a person's home network.
The move is consistent with other measures of control over digital activities in the region. While stories of digital censorship in China often focus on the experiences of users in major cities in the east and south, the reality is often more
bleak for those living in remote, embattled ethnic minority regions such as Xinjiang and Tibet. Seeking to contain unrest and discontent in conflict areas, authorities often impose extreme censorship and surveillance measures and routine Internet
Authorities from Xinjiang are checking to make sure that people are using the official Jingwang application. A mobile notification demanded people install the app within 10 days. If they are caught at a checkpoint and their devices do not have the
software, they could be detained for 10 days. This is a setback on the development of technology. They forced people to use devices designed for the elderly. It is a form of confinement by through surveillance technology. We are back to Mao's
Images from mainland China also posted a product description of Jingwang which explained that the tool can negate the password requirement of a Windows operating system and access the computer hard disk with no restrictions. Once installed with
Jingwang, computers and mobiles in Xinjiang, would become electronic handcuffs.
The US-based global tech giant Apple Inc. is set to hand over the operation of its iCloud data center in mainland China to a local corporation called Guizhou-Cloud Big Data (GCBD) by February 28, 2018. When this transition happens, the local
company will become responsible for handling the legal and financial relationship between Apple and China's iCloud users. After the transition takes place, the role of Apple will restricted to an investment of US one billion dollars, for the
construction of a data center in Guiyang, and for providing technical support to the center, in the interest of preserving data security.
GCBD was established in November 2014 with a RMB 235 million yuan [approximately US$ 37.5 million] registered capital investment. It is a state enterprise solely owned by Guizhou Big Data Development and Management Bureau. The company is also
supervised by Guizhou Board of Supervisors of State-owned Enterprises.
What will happen to Apple's Chinese customers once iCloud services are handed over to GCBD? In public statements, Apple has avoided
acknowledging the political implications of the move:
This will allow us to continue to improve the speed and reliability of iCloud in China and comply with Chinese regulations.
Apple Inc. has not explained the real issue, which is that a state-owned big data company controlled by the Chinese government will have access to all the data of its iCloud service users in China. This will allow the capricious state apparatus to
jump into the cloud and look into the data of Apple's Chinese users.
Apple Inc. has not explained the real issue, which is that a state-owned big data company controlled by the Chinese government will have access to all the data of its iCloud service users in China.
Over the next few weeks, iCloud users in China will receive a notification from Apple, seeking their endorsement of the new service terms. These "iCloud (operated by GCBD) terms and conditions" have a newly added paragraph, which reads:
If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.
In other words, once the agreement is signed, GCBD -- a company solely owned by the state -- would get a key that can access all iCloud user data in China, legally.
Apple's double standard
Why would a company that built its reputation on data security surrender to the Chinese government so easily?
I still remember how in February 2016, after the attack in San Bernardino, Apple CEO Tim Cook withstood pressure from the US Department of Justice to build an iPhone operating system that could circumvent security features and install it in the
iPhone of the shooter. Cook even issued an open letter
to defend the company's decision.
Apple's insistence on protecting user data won broad public support. At the same time, it was criticized by the Department of Justice
, which retorted that the open letter "appears to be based on its concern for its business model and public brand marketing strategy."
This comment has proven true today, because it is clear that the company is operating on a double standard in its Chinese business. We could even say that it is bullying the good actor while being terrified by the bad one.
Apple Inc. and Tim Cook, who had once stayed firm against the US government, suddenly have become soft in front of Chinese government. Faced with the unreasonable demand put forward by the Chinese authorities, Apple has not demonstrated a will to
resist. On the contrary, it is giving people the impression that it will do whatever needed to please the authorities.
Near the end of 2017, Apple lnc. admitted it had removed 674 VPN apps
from Chinese App Store. These apps are often used by netizens for circumventing the Great Firewall (blocking of overseas websites and content). Skype
from the Chinese App Store. And Apple's submission to the Chinese authorities' requests generated a feeling of "betrayal" among Chinese users.
Some of my friends from mainland China have even decided to give up using Apple mobile phones and shifted to other mainland Chinese brands. Their decision, in addition to the price, is mainly in reaction to Apple's decision to take down VPN apps
from the Chinese Apple store.
Some of these VPN apps can still be downloaded from mobile phones that use the Android system. This indicates that Apple is not "forced" to comply. People suspect that it is proactively performing a "obedient" role.
The handover of China iCloud to GCBD is unquestionably a performance of submission and kowtow. Online, several people have quipped: "the Chinese government is asking for 50 cents, Apple gives her a dollar."
Selling the iPhone in China
Apple says the handover is due to new regulations that cloud servers must be operated by local corporation. But this is unconvincing. China's Cybersecurity Law, which was implemented on June 1 2017, does demand that user information and data
collected in mainland China be stored within the border
. But it does not require that the data center be operated by a local corporation.
In other words, even according to Article 37 of the Cybersecurity Law, Apple does not need to hand over the operation of iCloud services to a local corporation, to say nothing of the fact that the operator is solely owned by the state. Though
Apple may have to follow the "Chinese logic" or "unspoken rule", the decision looks more like a strategic act, intended to insulate Apple from financial, legal and moral responsibility to their Chinese users, as stated in the
new customer terms and conditions on the handover of operation. It only wants to continue making a profit by selling iPhone in China.
Many people have encountered similar difficulties when doing business in China -- they have to follow the authorities' demands. Some even think that it is inevitable and therefore reasonable. For example, Baidu's CEO Robin Li said in
a recent interview with Time Magazine, "That's our way of doing business here".
I can see where Apple is coming from. China is now the third largest market
for the iPhone. While confronting vicious competition from local brands, the future growth of iPhone in China has been threatened
. And unlike in the US, if Apple does not submit to China and comply with the Cybersecurity Law, the Chinese authorities can use other regulations and laws like the Encryption Law of the People's Republic of China (drafting) and Measures for
Security Assessment of Cross-border Data Transfer (drafting) to force Apple to yield.
However, as the world's biggest corporation in market value which has so many loyal fans, Apple's performance in China is still disappointing. It has not even tried to resist. On the contrary, it has proactively assisted [Chinese authorities] in
selling out its users' private data.
Assisting in the making of a 'Cloud Dictatorship'
This is perhaps the best result that China's party-state apparatus could hope for. In recent years, China has come to see big data as a strategic resource for its diplomacy and for maintaining domestic stability. Big data is as important as
military strength and ideological control. There is even a new political term "Data-in-Party-control" coming into use.
As an Apple fans, I lament the fact that Apple has become a key multinational corporation offering its support to the Chinese Communist Party's engineering of a "Cloud Dictatorship". It serves as a very bad role model: Now Apple that has
kowtowed to the CCP, how long will other tech companies like Facebook, Google and Amazon be able to resist the pressure?