According to a group of publications, including The Guardian, Motherboard and The New York Times, Chinese border guards put text-stealing malware on the phones of visitors entering through certain checkpoints, as part of the government’s intensive scrutiny of the Xinjiang province.
The region is inhabited by a Muslim Uighur majority, which in recent years with much greater emphasis, has been harassed and put under strict surveillance through the use of software for facial recognition and pervasive use of surveillance cameras.
Over one million Uyghurs are detained in rehabilitation centers.
According to published reports, agents are taking visitors’ phones and secretly installing an app that extracts emails, texts, and contacts, as well as information about the device itself.
The iPhones are plugged into a reader that scans them, while Android phones have the app installed to scan the phone and collects data.
The app, which is called BXAQ or Fēng cǎi, in particular, collects telephone contacts, text messages, call history, calendar appointments, which applications are present on the device, which user names are used for some apps.
The data is then uploaded to a server.
Once the scanning is finished, the app should be deleted, but some Chinese agents evidently forgot about it on some occasions, allowing it to be discovered.
This activity was initially noted on the border between China and Kyrgyzstan.