Chinese border police are secretly installing a data-stealing app on the phones of tourists trying to enter the country, an investigation has revealed.
A joint investigation by Motherboard, Süddeutsche Zeitung, The Guardian, The New York Times and NDR found that Chinese police are installing the app on people entering the Xinjiang region from the neighbouring Kyrgyzstan, and using it to scan the device for “flagged” content.
The Xinjiang region is home to the majority of China’s Uyghurs, a Turkic ethnic group. The Chinese government has placed the blame for a number of attacks on Islamic extremism and Uyghur separatism, and used this to try to justify a large-scale surveillance operation in the region.
The latest revelations outline the scope of these efforts, with the government now extending the secretive surveillance to visitors trying to enter the region.
“This provides yet another source of evidence showing how pervasive mass surveillance is being carried out in Xinjiang,” Human Rights Watch China senior researcher Maya Wang told the reporters. “We already know that Xinjiang residents are subjected to round-the-clock and multidimensional surveillance in the region.
“[This] suggests that even foreigners are subjected to such mass, and unlawful surveillance.”
The investigation discovered that Chinese border authorities were taking travellers’ phones and installing the app in another room.
The app would then scan the phone’s calendar entries, phone contacts, call logs and text messages and match the data against more than 70,000 “target files”.
The app searches for Islamic extremist content on the phone, but also much more innocuous data, including information on fasting during Ramadan, writing by the Dalai Lama and even music by a Japanese metal band.
Wang said the Chinese government “often conflates peaceful religious activities with terrorism”.
“You can see in Xinjiang, privacy is a gateway right: once you’ve lost your right to privacy, you’re going to be afraid of practising your religion, speaking what’s on your mind or even thinking your thoughts,” Wang said.
The border police were found to usually delete the app from the phone before returning it to the tourist, but did not do this every time.
One visitor noticed the app installed on their phone after making the crossing, and provided a copy to the investigating journalists.
A journalist from Sueddeutsche Zeitung then completed the crossing themselves and had the same malicious app installed on their phone.
The new revelations are part of China’s wider efforts to create a surveillance regime in the Xinjiang region, with facial recognition cameras on the streets and in mosques, and another app installed on residents’ phones checking for banned applications such as WhatsApp and Viber.
Privacy International’s Edin Omanovic said this is “highly alarming in a country where downloading the wrong app or news article could land you in a detention camp”.
“This is yet another example of why the surveillance regime in Xinjiang is one of the most unlawful, pervasive and draconian in the world,” Omanovic told The Guardian.
“Modern extraction systems take advantage of this to build a detailed but flawed picture into people’s lives.
“Modern apps, platforms and devices generate huge amounts of data which people likely aren’t even aware of or believe they have deleted, but which can still be found on the device.”
The app is installed only on Android phones, while iPhones are plugged into a reader and scanned in the same way.
The Chinese government has attempted to justify its crackdown in the Xinjiang region as necessary to provide safety and security.
Authorities have placed hundreds of thousands of Uyghurs and other Muslims in the region in re-education camps.
The government has claimed that terrorist groups are utilising the Central Asia area to coordinate attacks in China.