Since 2024, Chinese security staff can examine electronic devices without a warrant or active criminal case. And this includes during border crossings.
A real estate agent runs out of her office while talking on her cellphone in Beijing in 2011. Mobile security firm Lookout has discovered malware used by Chinese police to extract data from cellphones. “It’s a big concern,” said one security analyst. File Photo by Stephen Shaver/UPI | License Photo
Mobile security company Lookout has found a new system that police departments in China use to extract data from confiscated phones.
The software is called Massistant, created by Chinese company Xiamen Meiya Pico, and it specializes in extracting different types of data, including private communications, multimedia files, geographical tracking records, voice recordings and contact databases. It can even extract messages on Signal.
“It’s a big concern,” said Kristina Balaam, the researcher for Lookout who performed the malware analysis. “I think anybody who’s traveling in the region needs to be aware that the device that they bring into the country could very well be confiscated and anything that’s on it could be collected.”
She found several posts on local Chinese forums in which people said they found the malware installed on their devices after interacting with the police.
“It seems to be pretty broadly used, especially from what I’ve seen in the rumblings on these Chinese forums,” Balaam said.
The malware must get installed on an unlocked device and works with a hardware tower connected to a desktop computer, according to a description and pictures of the system on Xiamen Meiya Pico’s website.
Chinese law on cell phone confiscation has expanded. Since 2024, Chinese security staff can examine electronic devices without a warrant or active criminal case. This is especially the case with border crossings.
“If somebody is moving through a border checkpoint and their device is confiscated, they have to grant access to it,” Balaam said.
Massistant leaves traces of its installation on the seized devices, so users can potentially detect and remove it by finding it on their devices or using Android Debug Bridge to remove the software. But Balaam warned that by the time Massistant is installed, it’s already too late and authorities have access to the user’s data.
She said that Massistant is just one of many spyware/malware created by Chinese surveillance tech companies, something she called “a big ecosystem.”
