This App Helps You Learn About China, While China Learns All About You

By Shan Li and Philip Wen (WSJ)

Updated Oct. 14, 2019 10:28 pm ET

Two recent reports suggest increased sophistication by Beijing in harnessing vast reams of information for political ends

BEIJING—China is using a widely downloaded mobile app and a translation service to hoover up billions of pieces of data inside its borders and around the world, according to reports published in recent days by researchers in Australia and Germany.

While policy makers in the West have trained their focus on China’s advances in next-generation cellular technology and invasive cyber-surveillance capabilities, the new research suggests that Beijing has broadened its mass-data-collection efforts to include relatively innocuous technologies, such as language translation.

A Chinese propaganda app that has been likened to a digital-age “Little Red Book” of Chairman Mao’s quotations and that has racked up more than 100 million registered users provides a potential backdoor for the Chinese Communist Party to log users’ locations, calls and contact lists, according to a report published Saturday by German cybersecurity company Cure53. The report was commissioned by the Open Technology Fund of U.S.-financed Radio Free Asia.

Xuexi Qiangguo—known in English as “Study the Great Nation”—has been touted as an education app, replete with content centered around Chinese President Xi Jinping’s namesake ideology, Xi Jinping Thought. Many government employees, students and civilians have been required to download the app, and some employers are asking workers to actively engage by earning points on the app by, among other activities, taking quizzes and watching videos, according to announcements by various companies, trade groups and government bodies.

Meanwhile, a little-known Chinese state-owned company specializing in big data and artificial intelligence can mine the equivalent of five trillion words in 65 different languages every day from sources such as social and traditional media for use by China’s national-security apparatus, according to research from the Australian Strategic Policy Institute in Canberra, which is backed by the Australian government and Western defense contractors.

Together, they represent an increased sophistication by Beijing in harnessing vast reams of data for political ends, the reports’ authors say.

The Australian report, published Monday, found strong indications that the Chinese company, Global Tone Communications Technology Co., or GTCOM, generated military and other state-security intelligence using the data it collected. The data could help “support the party-state’s development of tools for shaping public discourse,” the report says.

The company’s parent entities, China Translation Corp. and China Publishing Group, are under the direct supervision of China’s Central Propaganda Department. GTCOM has cooperation agreements with foreign universities in Sydney, Vienna and elsewhere in the West.

Samantha Hoffman, author of the Australian report, cited the mining of Facebook data by U.K.-based consulting company Cambridge Analytica around the time of the 2016 U.S. presidential election and the subsequent advances in data collection and analytics as “transforming how public sentiment is monitored, analyzed and manipulated.”

In a 2017 presentation available on its website, GTCOM’s director of big data, Liang Haoyu, indicated that the company was trying to build up technologies such as voice and facial recognition for “real-time monitoring” of security risks.

“In the future, [GTCOM] will be able to find the requested facial structure through image recognition and provide technical support and assistance for state security,” Mr. Liang said. The presentation also claimed that “90% of military-grade intelligence data can be obtained from open data analysis.”

GTCOM didn’t respond to requests for comment.

Xuexi Qiangguo became the most downloaded app in China following its January debut, part of a comprehensive campaign under Mr. Xi to tighten ideological control in the smartphone era. The app was developed by the Communist Party’s Propaganda Department with help from Alibaba Group Holding Ltd., according to a person familiar with the matter. China’s State Council Information Office, the publicity arm of China’s cabinet, didn’t immediately respond to a request for comment.

A spokesman for Alibaba’s messaging app DingTalk, whose software underpins the Xuexi Qiangguo app, said that it is an open technology platform whose technology tools could be used for third-party development but said it didn’t have any “backdoor code” that would allow users’ devices to be infiltrated.

An analysis by the Open Technology Fund, which accompanied the German report on Xuexi Qiangguo, said that code found in the app provides “superuser” access to smartphones, which includes the ability to modify files and install software that logs keystrokes. To run the app, users must also agree to allow access to a trove of personal data, as well as to cameras, microphones, call logs and locations.

The app also contains weak encryption software that can be easily cracked, leaving email, biometric data and other information exposed, the report said. That provides a path to efficiently collect and analyze messages and other data on millions of users. There has been no evidence that data have been gathered this way or collected through “super-user” access.

The amount of data gathered by Xuexi Qiangguo isn’t unusual for commercial apps, the report said, but this app was developed by the Communist Party and has a huge user base—potentially giving the government access to vast amounts of personal data.

The report focuses only on devices operating on the Android operating system, which underpins the vast majority of China’s smartphones. The app is also available for download on Apple Inc. ’s iPhones. In a statement, Apple said the Xuexi Qiangguo app can be downloaded on its devices, but that “this type of ‘superuser’ surveillance could not be conducted on its operating system.”

Ms. Hoffman, the Australian report’s author, said the emergence of companies like GTCOM highlights how innocuous devices and services can serve as tools for the Chinese party-state’s “tech-enhanced authoritarianism” ambitions.

“While there’s an important focus on technologies such as 5G, surveillance or cyber-enabled espionage, this narrow focus misses the bigger picture,” she said.

—Stu Woo contributed to this article.Write to Shan Li at shan.li@wsj.com and Philip Wen at philip.wen@wsj.com