A report by the German cybersecurity company Cure53 indicates that China is using the application of the Communist Party of China, which promotes the doctrine of Chinese leader Xi Jinping called the study of the Great Nation to spy on more than 100 million Android devices.
The German company noted that the application, developed by the
Chinese government, includes a back door through which the government can access messages, photos, contacts and Internet browsing history of these phones.
The app is described by the CPC as an educational tool, and contains videos and articles on Xi Jinping's ideology, as well as the ability of users to earn points by conducting tests or commenting on syllables.
German cybersecurity company Cure53, which was commissioned by the Open Technology Fund, an initiative supported by the US government under the Radio Free Asia program, highlighted the vulnerabilities that could allow Beijing to snoop on users.
Sarah Aoun, director of technology at the Open Technology Fund, said that users had basically given the CPC access to all data on their phones after downloading the application released in January.
Sarah Aoun told the Washington Post: The Chinese government is expanding its surveillance to include citizens' daily lives. The Open Technology Fund has contracted Cure53 to analyze application code in a process known as reverse engineering.
Cure53 found that the application is designed to resist these analytical attempts, but it has a back door that allows the remote user to control the phone as if it were its owner.
The company explained that programmers deliberately used weak encryption in functions such as mail and biometric authentication.
Files are also stored on the phone's storage in a way that other apps can read data from, so that if the government has other apps installed on the phone, they can easily read all the data stored by this app and send it back to the authorities.
The Information Office of the State Council, which responds on behalf of the Department of Publicity of the Chinese government, told the Washington Post: The application does not have the functions referred to in the report, denying that the application is able to spy on its users.
The analysis claims that Alibaba e-commerce giant Alibaba is complicit in allowing poor security on the application, and the company acknowledged earlier this year that the application was designed using DingTalk, the instant messaging service of Alibaba.
Cure53 said the backdoor code could be linked to the Alibaba cloud service, and a DingTalk spokesman denied the matter, saying: DingTalk is an open technology platform, and its technology toolkit can be used for independent application development and does not have any code for back doors.
0 Comments