Together with the Guardian and the New York Times, the reporting team commissioned several technical analyses of the app. Penetration testing firm Cure53 on behalf of the Open Technology Fund, researchers at Citizen Lab from the University of Toronto, and researchers from the Ruhr University Bochum as well as the Guardian itself all provided insights about BXAQ. The app's code also includes names such as "CellHunter" and "MobileHunter."
Once installed on an Android phone, by "side-loading" its installation and requesting certain permissions rather than downloading it from the Google Play Store, BXAQ collects all of the phone's calendar entries, phone contacts, call logs, and text messages and uploads them to a server, according to expert analysis. The malware also scans the phone to see which apps are installed, and extracts the subject’s usernames for some installed apps. (Update: after the publication of this piece, multiple antivirus firms updated their products to flag the app as malware).
Xinjiang is one of China’s buffer states which separates the heartland from its neighbours. It is also an energy producer and bread basket so China has additional reasons to quell even a whiff of separatist sentiment. The extend of surveillance and re-education programs (incarceration) is unparalleled in modern history and is a testament to just how overtly authoritarian the administration is.Back to top