The Chinese Communist Party appears to have "superuser" access to all the data on more than 100 million cellphones, owing to a back door in a propaganda app that the government has been promoting aggressively this year.
An examination of the code in the app shows it enables authorities to retrieve every message and photo from a user's phone, browse their contacts and internet history, and activate an audio recorder inside the device, according to a U.S.-funded analysis.
"The [Chinese Communist Party] essentially has access to over 100 million users' data," said Sarah Aoun, director of technology at the Open Technology Fund, an initiative funded by the U.S. government under Radio Free Asia. "That's coming from the top of a government that is expanding its surveillance into citizens' day-to-day lives."
The party, led by Xi Jinping, launched the app, called "Study the Great Nation," in January. The name is a pun because the Chinese word for study - "xuexi" - contains the authoritarian leader's family name.
The app contains news articles and videos, many of them about Xi's activities or his ideology, "Xi Jinping Thought." There is even a sense of competition, with users earning points for reading articles and commenting on them, and a leader board showing how users are faring in quizzes.
The app, which can be downloaded on all types of smartphones including Apple and Android, has been called Xi's high-tech equivalent of Mao Zedong's Little Red Book and was launched amid a campaign to bolster the Communist Party's ideological control over the Chinese population.
It quickly became the most downloaded app in China, including in Apple's app store in the country, with state media reporting in April that it had more than 100 million registered users. Google is blocked in China, so Android users must download the app through other means.
There have been suspicions about the app's invasiveness - although many people in China are conscious that the authorities can read their messages if they want to. A cybersecurity law enacted two years ago required all tech companies to share user data with the government.
- - -
The Open Tech Fund contracted Cure53, a German cybersecurity firm, to break apart the app and determine its exact capabilities. Although they were not able to fully assess the app's functionalities because of code designed to thwart attempts to dissect the app, the Cure53 auditors found code that amounts to a back door into the phone that is able to run arbitrary commands with "superuser" privileges.
Granting such privileges is tantamount to giving administrator-level access to a user's phone, and this kind of code is generally considered to be malicious. Superuser privileges give developers the power to download any software, modify files and data, or install a program to log key strokes.
"It's very, very uncommon for an application to require that level of access to the device, and there's no reason to have these privileges unless you're doing something you're not supposed to be," said Adam Lynn, the Open Tech Fund's research director.
"The access itself is significant. The fact that they've gone to these lengths [to hide it] only further heightens the scrutiny around this," he said.
The investigation could not reveal how the code or the information it gathered was being used, but there was no legitimate reason a supposedly educational app would seek to run commands on users' phones with high privilege levels, the fund wrote in a commentary about the Cure53 report, which will be published Monday.
A review of the terms and conditions of the app, which was developed by the Communist Party's Propaganda Department in collaboration with the Chinese tech giant Alibaba, show that users must agree to allow access to a vast trove of information and functions.
This includes allowing the app to access and take photos and videos, transmit the user's location, activate audio recording, dial phone numbers and trawl through the user's contacts and internet activity, as well as retrieve information from 960 other applications including shopping, travel and messaging platforms. It even requires the ability to connect to WiFi and turn on the flashlight.
"It can take over the entire device, and it could be sending back information," said Lynn.
- - -
The app collects and sends detailed log reports on a daily basis, containing a wealth of user data and app activity, the investigation found.
The State Council Information Office, responding on behalf of the Propaganda Department, denied the app contained such functions.
"We learned from those who run the 'Study the Great Nation' app that there is no such thing as you have mentioned," the office said in a response to faxed questions outlining the report's main findings.
Alibaba declined to comment, referring questions to the Propaganda Department. It has previously said that the app was built using software from its messaging app, DingTalk.
A spokesman for DingTalk tried to distance the subsidiary from the app.
"DingTalk is an open technology platform, and its suite of technology tools can be used for independent development of other applications and does not have any 'backdoor code' or scanning issues," the spokesman said in a message forwarded by Alibaba.
But Alibaba's fingerprints were all over the app. The packages that contain the "backdoor" code have the values "aliyun and Alabama," suggesting these packages were created and are maintained by Alibaba or Alibaba Cloud, the Open Tech Fund said.
Alibaba's founder, Jack Ma, has an array of U.S. investments, including Lyft.
To use the app, users must sign up with their real names and cellphone numbers, creating a trail since all phones in China must be registered to a national ID card number.
"They're making 'Study the Great Nation' app users wear electronic handcuffs," wrote one Chinese Twitter user, identifying him or herself as an independent China researcher. "It's so horrible."
Use of the app in China is not exactly voluntary. The Communist Party has issued directives to its members to download the app, as have many workplaces.
Organizations from the Beijing Chaoyang Lawyers' Association and Peking University to the Hunan Vocational College of Science & Technology and a bus company in Jinan province have ordered their members to use the app.
Starting this month, about 10,000 reporters and editors in Beijing will take part in a pilot test that is expected to extend nationwide, in which they will be tested on their knowledge of Xi Jinping Thought through the app.
The Propaganda Department's media oversight office made it clear that only those who passed would get new press cards, which are required to work as a journalist in China.
Last month, 60 proficient app users were chosen to come to Beijing and watch a special artistic performance in the Great Hall of People on Tiananmen Square.
Ma Weizhong, the deputy director of Chizhou Environment Bureau in Anhui province, said he felt "blood surging in my heart" when he learned he would be going. "I felt both proud and honored, and a great sense of responsibility," Ma, who started using the app in January, told local media.
Others are not so happy about their workplace-mandated usage sessions, which have become so stringent that some entrepreneurial types have started services where they will log app hours on a customer's behalf.
"Sometimes even when I'm very tired and have put my baby to sleep, I still have to complete my 'Study the Great Nation,' otherwise my pay will be cut," one disgruntled app user wrote on Weibo, the Chinese answer to Twitter. Another complained about having to write a 2,000-word self-criticism because they didn't earn enough points on the app.
The Open Tech Fund concluded that the app contained code that should be alarming to users and app store owners alike.
"What's clear is that while the CCP advertises 'Study the Great Nation' as a way for citizens to prove their loyalty and study their country, the app's maintainers are studying them right back," it wrote in its commentary.
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)