Chinese netizens recently reported that police have begun checking people’s smartphones with a special mobile device at subway stations and on the streets of Beijing and Shanghai.
Beijing police said that the tool is only for scanning people’s IDs, but netizens and experts who dug deeper have discovered that the product can extract personal data from smartphones without authorization from the smartphone owner.
A Beijing netizen sent a video to the Chinese-language Epoch Times on June 17, which showed that Beijing police have set up a temporary checkpoint at the Dongzhimen Subway Station to check travelers’ smartphones.
“The police is checking everything on the phone,” the person shooting the video can be heard saying.
Ms. Cheng, a Shanghai dissident, also told U.S.-based broadcaster and sister media NTD that local police on the streets have also begun checking people’s phones.
Several netizens from Shanghai and Beijing told NTD that the police mainly check whether there are photos or videos about recent Hong Kong protests against a controversial extradition bill, a topic banned in mainland China. The police also look for whether people have installed virtual private network (VPN) and other apps that can allow users to bypass the Chinese firewall and access foreign websites that are banned inside China.
On June 21, the Beijing police department published a statement on its official Weibo account, denying netizens’ complaints that officers were accessing people’s smartphones.
In the statement, it said that the police did not take away people’s smartphones, but were using their “mobile police terminals” to check IDs.
The statement also explained what the device does: “Police can use this ‘smartphone’ [mobile police terminal] to accomplish all types of police work. This device is the perfect embodiment of advanced police technology as well as applying big data.”
“Mobile police terminal” devices have proliferated in certain years. Many software developers tout their success at scoring government clients.
Xinda Jie’an, for example, said on its website that its devices for police in Henan Province can identify people’s faces after taking their photo. All their background information will then become available to police, including contact information, any prior criminal record, cars and other vehicles that are registered under the person, and so on.
For foreigners, their profiles and passport numbers can be accessed after police take a photo or a finger scan with the device. The police can also input more information about the foreigner’s behavior into the database.
In the northwestern region of Xinjiang, where the resident Uyghur population is closely monitored by authorities, Hikvision-developed devices can connect the police network via any mobile carrier, allowing police to upload and download data from people’s phones and into the police database.
Meanwhile, Vickn, a developer of mobile communication-based security software, uses hardware manufactured by Chinese tech giant Huawei to operate its police devices. According to its website, Vickn supplies to police in Jiangsu, Ningxia, Guangxi, Guizhou, and Sichuan provinces.
According to Vickn’s product page, its mobile police terminal can identify people by scanning their fingerprints. Police can then access the person’s file on its database, which includes information on their homes.
Since 2016, netizens have complained that after police checked their phones, a MFsocket app mysteriously appears on their phones. They are unable to uninstall it.
Recently, netizens again reported this phenomenon.
On June 25, a French cybersecurity engineer and vigilante hacker who uses the pseudonym Elliot Alderson, published his research findings on the MFsocket app on Medium.com.
Alderson found out: “[MFsocket] is asking a lot of dangerous permissions: – Read your call log, your contacts, your SMS, your calendar, your SD card – Disable the lock screen – Access your location – install a new app without your consent.”
“Moreover, we can see that the activity doesn’t have the category launcher which means that this app doesn’t have an icon,” Alderson wrote.
He concluded that the app was a surveillance tool.
This article previously misreported where the hacker self-identified as Elliot Alderson was based. The Epoch Times regrets the error.