"Anti-fraud" (反诈) spyware apps, phone inspections in China #354
Comments
|
Edited my post to make it simpler with additional information. And less human to be used to train "AI" The "'Anti-fraud" spyware app is officially named as National Anti-Fraud Center. https://en.wikipedia.org/wiki/National_Anti-Fraud_Center
Xiaomi phones pre-install it on system level. https://www.gizmochina.com/2022/01/03/miui-13-anti-fraud-scam/ https://chinadigitaltimes.net/chinese/675320.html Besides Xiaomi, National Anti-Fraud Center is pre-installed on almost all new phones made in China. it is de facto mandatory by Chinese government.
Flush your phone and install a clean OS yourself which is, ironically, unrealistic for most people.
tencent provide binary for windows desktop and android phone.
Xiaomi app store also provide download
National Anti-Fraud Center is not limited to android phones. there are other binaries for apple devices and windows desktop. https://chinadigitaltimes.net/chinese/701596.html
China-based phone numbers are linked to individual persons. To obtain a China-based phone number, real identification and possibly Facial recognition are required. I don't think anyone in China can safely provide a phone number for research.
"pt" probably stands for Platform (PingTai).
gaukas post has important info I missed. |
wkrp
changed the title
|
Thanks. That is really helpful information. The Chinese term is 国家反诈中心 (guójiā fǎnzhà zhōngxīn) and here are the Wikipedia pages: https://en.wikipedia.org/wiki/National_Anti-Fraud_Center Clicking on wiki links, I get to this article (archive) and then the app's page in the Apple App Store: https://apps.apple.com/cn/app/国家反诈中心/id1552823102 (archive) (WTH, Apple? You delete VPN apps from the App Store at the request of the Chinese government, you delete communication apps from the App Store at the request of the Chinese government, at the same time you host spyware that violates the privacy of your customers? I guess we all know "what happens on your iPhone stays on your iPhone" is a lie.) Here's the page at AppleCensorship: https://applecensorship.com/app-store-monitor/app/1552823102 (archive) The location test (archive) shows that the app only appears in the App Store for China and not for other countries:
I don't see the app in the Google Play store, at least when searching in Tor Browser: |
|
The OTF Red Team has reverse-engineered and analyzed the 国家反诈中心 National Anti-Fraud Center app in 2022. (Though they say: "Further investigation into the National Anti-Fraud Center app is necessary. The auditors faced several limitations, including regional blocks pertaining to not having access to a China-based phone number.") China's National Anti-Fraud Center – Security Assessment Executive summary
§1 Code obfuscation
§3 Protection of communications
["gjfz" is obviously 国家反诈 guójiā fǎnzhà "national anti-fraud" but I don't know what "pt" is.] §4 Usage of free China based phone number
§6 Frameworks included in the IPA
§7 Privacy Policy
§11 Endpoint and information collected
Appendix IV. API endpointapi/Feedback/GetDetails… click for list
|
|
I am primarily interested in the "anti-fraud" app from the perspective of anti-circumvention. If the app can detect the presence of circumvention apps, then it is likely that there is a list of names of circumvention tools either included in the app itself, or queryable through one of the API endpoints, perhaps one of these:
|
It existed in other countries before, at least in May 2021 as I remember. The screenshot was from Japan App Store:
The CCP fears people’s protest or gave it bad comments, so it asked Apple to close comment in Chinse App Store, but it has no such power in other countries. You can see in Japan all of the four comments are lowest star.
The Japanese one comment:
|
|
I'd share my personal experience with this "Anti-Fraud" thing when I visited China quite a while ago. (Not directly involving the app) I was tethering my laptop using my China Mobile cellular service on an iPhone (WITHOUT installing any related app), all of a sudden I got a text message from 96110 telling me I am visiting a scam website and ask me to stop (in Chinese). About a minute later I received a phone call from 96110, in which it is a prerecorded warning message in Chinese telling me I am visiting a scam website, stop immediately, press a number to connect to live agent, etc. About a few minutes later I repeated everything and received another text message, but not phone call this time. I am suspecting they are using DNS or TLS-SNI based filtering but I did not dig into it since it is too easy to backtrack from the cellular service and intense testing and triggering of the system will definitely alert someone in charge. |
|
// Thanks for sharing. I used Newstr AI to create a quick summary of all the conversations above. Hopefully,it helps some external readers: Comprehensive Analysis of China's National Anti-Fraud Center and Digital Surveillance PracticesIntroductionIn recent years, the Chinese government has intensified its surveillance measures, notably through the mandatory installation of the "National Anti-Fraud Center" app. This initiative reflects a broader strategy to control and monitor the digital activities of its citizens. This article delves into the multifaceted aspects of the app and its integration into the broader surveillance infrastructure, examining its impact on privacy, freedom, and corporate compliance. The National Anti-Fraud Center App: Overview and FunctionalityThe "National Anti-Fraud Center" app, developed under the auspices of the Chinese government, is designed ostensibly to combat fraud but is equipped with capabilities that extend far into surveillance. It monitors and controls the use of circumvention tools that allow users to bypass internet censorship, essentially serving as a gatekeeper against unauthorized information access. Key Features and Technical Insights
Systemic Integration and International ReachUnlike typical applications, the "National Anti-Fraud Center" is part of a larger surveillance ecosystem embedded within China's state-controlled telecommunications network. This system facilitates real-time monitoring and automated interventions, such as sending warnings to users visiting unapproved websites or using unauthorized apps. International Availability and Corporate ComplianceInitially available internationally, such as in the Japan App Store, the app received significant backlash due to its intrusive nature. However, within China, corporate entities like Apple have complied with government directives to disable user feedback, highlighting the complex dynamics between global business practices and national surveillance laws. User Experiences and Enforcement MechanismsPersonal anecdotes and user reports reveal the extensive reach of China's surveillance apparatus. For instance, users have reported receiving immediate warnings via SMS and phone calls when engaging in activities deemed suspicious by the state, regardless of having the app installed. This suggests a pervasive monitoring system that taps directly into cellular services. Ethical Considerations and Future ImplicationsThe collaboration between Chinese authorities and international corporations in enforcing these surveillance measures raises significant ethical questions. The potential future integration of surveillance technologies into hardware and broader network infrastructure could lead to even more profound implications for global privacy and freedom. China's "National Anti-Fraud Center" serves as a poignant example of how modern digital surveillance can transcend traditional boundaries between state control and personal freedom. The involvement of international corporations in these practices further complicates the landscape, challenging the global community to reconsider the balance between security and privacy. References |
If you had written a summary yourself, I would have appreciated it. Instead you feed my post to proprietary machine learning software without my consent. It is creepy and can't be undone. Your 'summary' is also misleading.
I assume this is base on my post "I think the "National Anti-Fraud Center" is a set of systems rather than a single app. " That is my opinion and assumption, not necessarily a fact. |
|
China's Internet Emergency Response Center (CNCERT) publishes semiannual lists of "network security emergency service support units" (网络安全应急服务支撑单位名单):
The 8th and 9th editions have special categories of "anti-cyberfraud" (反网络诈骗领域) support units: 8th edition:
9th edition:
The company 北京安天网络安全技术有限公司 (Antiy) that is mentioned in the anti-fraud app's privacy policy is not listed among the anti-cyberfraud units, but in both the 8th and 9th edition Antiy is one of the "national-level" (国家级) units. |
|
The National Anti-Fraud Center app also seem to has access to phone owner's contact list. Also since this issue seems to be focused on National Anti-Fraud Center app in phone. I opened a new issue and updated some additional info regarding the anti-fraud plugins in FTTR modem. And because I think that incident itself is quite concerning. the |
|
All Chinese smartphone manufacturers have integrated anti-fraud features at the system level (not the national anti-fraud app), and Xiaomi is no exception. Since 2023, smartphone manufacturers have once again tightened the unlocking permissions for Android bootloaders, making it difficult for new models to bypass the anti-fraud system monitoring by flashing third-party ROMs. In fact, what we are facing is an expansion of public power under the guise of anti-fraud, which is far more extensive and deeper than before. A similar past instance was the Ministry of Industry and Information Technology's Green Dam software, which was eventually halted. The nominal reason for implementing anti-fraud measures is the recent surge in telecommunication fraud, especially in the Southeast Asia region, notably northern Myanmar.
|
I'll just link to measurements from 2022 about ISPs sending users to anti-fraud websites. It worked by either DNS injection or HTTP injection. It was considered significant because webpages in China are usually blocked by RST injection. China "Anti-Fraud" Webpage Redirection Censorship
|
An article from Radio Free Asia (archive), via Human Rights in China's 2024-04-02 weekly brief (archive), says that police in China are inspecting people's phones to check for circumvention apps, and that people have been forced to install an "anti-fraud" (反诈骗) app that (at least) checks for installed circumvention software.
It's not clear to me the circumstances under which someone might have such an "anti-fraud" app installed. Are they pre-installed by phone providers? Automatically installed by phone repair shops? Installed by the police after any police encounter?
Has anyone acquired a sample of an "anti-fraud" app, in APK format or similar?
#254 is a previous thread that mentions "anti-fraud" apps.
Is there anything that can be done, in terms of circumvention, when the user's own device is not trustworthy? We almost always model the user's own computer as being uncontrolled by the censor. Is it an impossible situation, or are there any realistic countermeasures?
The Radio Free Asia article has a photograph of an SMS from the Hubei provincial police department notifying the owner that circumvention software was detected and telling them to uninstall it. Presumably the detection was the result of an "anti-fraud" app.
In 2018, a spyware app called 净网卫士 (Jingwang Weishi) was reverse-engineered by the OTF Red Team. They found many security flaws and partially mapped the backend infrastructure. That app was targeted at the Uyghur ethnic minority—a reminder that surveillance systems are usually first tested on more vulnerable and marginalized people before moving on to the rest of society.
https://www.opentech.fund/news/app-targeting-uyghur-population-censors-content-lacks-basic-security/
https://public.opentech.fund/documents/OTF_JingWang_Report_v2.pdf
The text was updated successfully, but these errors were encountered: