A Chinese educational app called Study the Great Nation developed by the Chinese Communist Party’s Propaganda Department with help from Alibaba is a hugely intrusive piece of spyware that potentially violates several fundamental human rights.
According to the Open Technology Fund, Study the Great Nation allows remote administrator-level access to download other apps, modify files, exfiltrate data (including contacts, messages, passwords etc.) and log keystrokes. In fact, it can potentially do anything its masters want.
Study the Great Nation is now on many hundreds of millions of Android and iOS phones.
Huawei reported its App store had over 300 million installs on its devices alone. It appears that Alibaba and other app store install figures are now ‘unavailable’.
It is supposed to provide news and articles on China and keep citizens up to date with President Xi Jinping’s activities, and it is gamified through a points system for quizzes, reading and commenting on the articles.
And as a bonus it provides supposedly secure “video chat with friends, send messages that get deleted after having being read, create a personal calendar, get informed through the state media or watch TV series about the History of the Communist Party of China.”
It is all-pervasive
Nationalistic Chinese love it – calling it the high-tech version of Mao Zedong’s ‘Little Red Book’ – mandatory reading! Members of the Chinese Communist Party must install it, and Chinese citizens are pressured to download and use it to study CCP dogma and Xi Jinping Thought.
More recently, Chinese journalists must take an exam testing their loyalty to the Party to have their press credentials renewed – the test is only available via the app.
OTF’s purpose is to support internet freedom worldwide without fear of repressive censorship or surveillance.
The app runs on both Android and iOS, but the latter only has 6% of the Chinese market.
Study the Great Nation removes any semblance of privacy
OTF and Germany-based Cure53 analysed the code, finding cleverly concealed ‘anti-reversing’ techniques to hide the app’s real intent.
Cure53 found that the Study the Great Nation app:
Contains code that amounts to a backdoor, essentially granting complete administrator-level access to a user’s phone. Cure53 could not identify if, or exactly how, this access is used;
Actively scans to find other apps that are running on the user’s device, drawing from a list of 960 specific applications;
Purposely employs weak cryptographic algorithms in areas containing sensitive user data;
Collects and sends detailed app log reports daily, including a wealth of user data and app activity;
Tracks general information about the phone (IMEI, device model, brand, device ID, AppKey, info on whether the device is rooted); connection information (Wifi-SSID, carrier, VPN-check); user information (UIDs, cookies, session-IDs, Event-, Page- and Track-IDs, calls, call statistics, contacts); location; running processes and services; and
Stores this data in clear text on an SD card if installed (circumventing fingerprint or other security).
Cure53 bluntly states
It managed to prove one case of a clear human rights violation (HRV) by the ‘Study the Great Nation’ app. Three of the six findings rate as “Evident” HRV, and the remaining two remain unclear as regards human rights implications.
“Study the Great Nation has technical capabilities that go well beyond what it purports to do and maintains a level of access that no app would normally have over a user’s device.”
Aside from the app’s extensive user data collection and transmission, it is deeply concerning and alerting that the app could possibly obtain a pervasive level of access and the ability to run arbitrary commands on a user’s device, obfuscate its full functionalities and employ strong anti-reversing techniques, while also purposely using weak encryption around user’s privacy.
What’s clear is that while the CCP advertises Study the Great Nation as a way for citizens to prove their loyalty and study their country, the app’s maintainers are studying them right back.