Jingwang Weishi
Jingwang Weishi (
Function
In 2018, a research team of analysts produced a thorough report on Jingwang Weishi.[1]
When the application is first installed, it sends a request to the base server. The server responds with a JSON object containing a list of MD5 hashes, which the program stores in a local SQLite database.[1]
The application records the "essential information", as the program's code calls it, of its device. Specifically, the essential information consists of the device's International Mobile Equipment Identity (IMEI) number, MAC address, manufacturer, model, phone number, and international mobile subscriber identity (IMSI) number.[1]
Jingwang Weishi also performs file scans on the device. It looks for files with the extensions
The application uploads device data by compressing two files named jbxx.txt and files.txt into a ZIP file named JWWS.zip. The jbxx.txt contains the device's "essential information". The files.txt contains the metadata of the "dangerous" files found on the user's device. If no files have been deemed "dangerous", files.txt will not be sent.[1]
The analyst team did not find any backdoor features built into the application. However, it does request permissions when installed that could be used maliciously in future updates. Among other permissions, it requests the ability to start itself as soon as the system has finished booting. This permission is not used by the application, as it only performs its functionality when it is in main view. However, future updates could allow it to start and begin scanning the user's device right after it has finished booting, unknown to the user.[1]
The application updates itself by downloading newer
http://<update_server_IP_and_port>/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk?AJLY=650102000000
, which performs a download of the APK file.[1] The application also makes periodic requests to the base server to update its local database of MD5 hashes of "dangerous" files.[1]
The application creates four files during its lifecycle:[1]
/sdcard/JWWS/GA_AJ_JK_GXH.apk
/sdcard/JWWS/JWWS/shouji_anjian/jbxx.txt
/sdcard/JWWS/JWWS/shouji_anjian/files.txt
/sdcard/JWWS/JWWS/shouji_anjian/JWWS.zip
Once these files are used, they are immediately deleted.[1]
Data is transferred in plaintext and over insecure
The base and update servers are located at the domain http://bxaq.landaitap.com. This domain resolved to 47.93.5.238 in 2018, when the analysts wrote their report,[1] and as of 2020, resolved to 117.190.83.69.[5] Both IP address locations are in China.[6] The update server is located at port 8081, while the base server is located at port 22222.[1]
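The domain, ports, update path and file names given above can be used as indicators when reviewing plaintext proxy logs or a device file listing. The following Python code is an added example, not taken from the analysts' report or from the application; the log format, the sample lines, the function names and the `/storage/emulated/0` path mapping are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the article text above.
HOST = "bxaq.landaitap.com"
PORTS = {8081: "update-server-port", 22222: "base-server-port"}
UPDATE_PATH = "/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk"
WORKDIR = "/sdcard/JWWS/JWWS/shouji_anjian/"
ARTIFACTS = {"/sdcard/JWWS/GA_AJ_JK_GXH.apk"} | {
    WORKDIR + name for name in ("jbxx.txt", "files.txt", "JWWS.zip")}
URL_RE = re.compile(r"http://\S+")

def match_url(url):
    """Return the indicator names a URL matches (empty list if none)."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed host or port in the log line
        return []
    reasons = []
    if (parts.hostname or "").lower() == HOST:
        reasons.append("host")
    # The update URL is addressed by IP in the text, so match the path alone.
    if parts.path == UPDATE_PATH:
        reasons.append("update-apk-path")
    # 8081 and 22222 are too common to flag alone; report them only as context.
    if reasons and port in PORTS:
        reasons.append(PORTS[port])
    return reasons

def scan_proxy_log(lines):
    """Return (line_number, reasons) for every log line with a matching URL."""
    hits = [(n, match_url(u)) for n, line in enumerate(lines, 1)
            for u in URL_RE.findall(line)]
    return [(n, reasons) for n, reasons in hits if reasons]

def scan_file_listing(paths):
    """Return the artifact paths present in a device file listing."""
    # Assumption: /storage/emulated/0 is the same storage as /sdcard.
    norm = {p.strip().replace("/storage/emulated/0/", "/sdcard/", 1) for p in paths}
    return sorted(norm & ARTIFACTS)

# Constructed sample input (not real traffic); 192.0.2.10 is a documentation IP
# and the "/" path on the base server is a placeholder.
SAMPLE_LOG = [
    "10:00:01 GET http://192.0.2.10:8081/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk?AJLY=650102000000 200",
    "10:00:05 POST http://bxaq.landaitap.com:22222/ 200",
    "10:00:09 GET http://example.org:8081/index.html 200",
]
SAMPLE_FILES = ["/storage/emulated/0/JWWS/JWWS/shouji_anjian/JWWS.zip",
                "/sdcard/DCIM/a.jpg", "/sdcard/JWWS/GA_AJ_JK_GXH.apk"]
```

Because the application deletes its working files immediately after use, an empty result from `scan_file_listing` does not show that the application is absent.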
Mandatory use
Police in China have reportedly forced Uyghurs in Xinjiang to download the application as part of a mass surveillance campaign on the eve of the 19th National Congress of the Chinese Communist Party.[3] They checked to ensure that individuals have it installed on their phones, and have arrested individuals who refused to do so.[3][7]
See also
- Green Dam Youth Escort, a similar but now discontinued content-control program
- Xuexi Qiangguo, the CCP auto-study app developed by Alibaba
References
- [1] Open Technology Fund. "Jingwang Report" (PDF). opentech.fund. Archived (PDF) from the original on 2018-08-31.
- [2] Cox, Joseph (April 9, 2018). "Chinese Government Forces Residents To Install Surveillance App With Awful Security". Vice Media.
- [3] Rajagopalan, Megha; Yang, William (April 9, 2018). "China Is Forcing People To Download An App That Tells Them To Delete "Dangerous" Photos". BuzzFeed News.
- [4] "An internment camp for 10 million Uyghurs, Meduza visits China's dystopian police state". Medusa Project. 1 October 2018. Retrieved 3 October 2018.
- [5] "DNS Checker - DNS Check Propagation Tool". DNS Checker. Retrieved 2020-08-30.
- [6] "IP Location Finder - Geolocation". www.iplocation.net. Retrieved 2020-11-12.
- [7] Ashok, India (July 25, 2017). "What is Jingwang? China's Muslim minority forced to install spyware on their phones". International Business Times.