The Chinese Communist Party has billed its propaganda app “Study Xi, Strong Nation” as a fun educational tool. But the app seems to be designed to teach the Party’s policies, while learning the habits of more than 100 million users.
A new report from the Open Technology Fund (OTF), an initiative funded by the US government, said that the “Study Xi, Strong Nation” app has code that “amounts to a backdoor to rooted devices, essentially granting complete administrator-level access to a user’s phone.” This means the app acquires “superuser” access to the phone, the report said. Superuser access gives it “the power to do anything,” including downloading software, modifying files and data, or installing a key logger, a tool that allows the interception of passwords and account numbers from the keystrokes on a device.
The information collected by the app—such as users; location, the other apps on their phones, and activity log—is sent to to various entities, including xuexi.cn, a domain owned by Alibaba, according to the report. Alibaba’s messaging app DingTalk’s open tech platform was used to build the “Study Xi, Strong Nation” app.
However, the report said that it could not verify whether, or how exactly this “backdoor” access has been used. It also pointed out that the practice of extensive collection of data is not uncommon for some other commercial apps, but there is “no legitimate reason” for an app of this nature to seek permission to run commands with high levels of privilege on users’ phones.
The OTF partnered with Cure53, a German cybersecurity firm, to conduct the research. In a separate report elaborating on its findings, Cure53 said that the app gives the government the capacity to determine “the location of every citizen at any single point in time.” The audit was conducted on Android-based operating systems, which make up more than 80% of smartphone operating systems in China.
The app’s name, Xuexi Qiangguo (学习强国）in Chinese, translates two ways in English—”Study Xi, Strong Nation” and “Study the Great Nation.” It’s part of the Party’s efforts to promote its policies, especially Chinese president Xi Jinping’s ideology. The app includes policy quizzes, a news feed, history lessons, and videos. Notably, it requires users to earn “study points” by completing quizzes correctly, watching patriotic videos, and reading or sharing articles. The most popular app in China’s Apple store in February, it has been heavily promoted by government offices, companies, and schools. Registered users reached the 100-million mark in April.
The OTF’s findings come as China tightens digital surveillance of its citizens. The episode also highlights the uneasy relationship China’s tech giants have with the Party, with tech companies increasingly involved with initiatives that further official goals. The report says Alibaba created and maintained the parts of the “Study Xi, Strong Nation” app that have the backdoor code. Alibaba did not comment. The company referred to a DingTalk spokesperson’s comment that the messaging app is “an open technology platform, and its suite of technology tools can be used for independent development of other applications and does not have any ‘backdoor code’ or scanning issues.”
Correction: The article headline earlier misspelled Xi Jinping.