By Leandro Rocha
In a report released last week, the Open Technology Fund (OTF) — a U.S. Government program funded to support global Internet freedom technologies — stated that the JingWang app, which the Chinese government has forced citizens of Xinjiang province to install on their Android devices, does not protect users’ private information; and, besides that, it is vulnerable to man-in-the-middle attacks.
Last year, Chinese authorities sent a message through WeChat (a popular message application in China), requiring the installation of the JingWang app on the devices of the Uyghur population, a Muslim ethnic group living in Xinjiang. The app’s goal, according to the government, was to detect terrorist documents, religious videos, and images considered illegal.
Several different surveillance practices are imposed on the citizens of Xinjiang due to old tensions with the Chinese government.The Uyghurs claim that the province of Xinjiang, which they call East Turkestan, is not legally a part of China, as it would have invaded the territory in 1949.
The report released by the OTF alleges the abuse of the Chinese authorities against the Uighurs, and states that the JingWang app is very invasive because, in addition to extracting files of government interest, the application collects information about wireless networks, device model, MAC addresses, IMEI number and metadata of any stored file, as well it blocks some sites and prevents some other applications from being installed.
Moreover, in addition to being invasive, the report points out that JingWang is also insecure, since all data sent from users’ devices to government servers navigates unencrypted, allowing for man-in-the-middle attacks.
“What we can confirm, based off the audit’s findings, is that the JingWang app is particularly insecure and is built with no safeguards in place to protect the private, personally identifying information of its users (…)”, said Adam Lynn, OTF research director to Motherboard.
Lynn also said that, “the app’s technical insecurity only opens its users up to further attacks by actors aside from the Chinese government. It seem there is zero interest in protecting citizens’ information, only in using it against them”.
The question, in this case, according to Motherboard, is the ease with which the Chinese authorities have forced citizens to install monitoring software. If an Uyghur decides not to install JingWang and the police finds out, s/he will face up to 10 days in detention.
According to The New York Times, some people in the Chinese bureaucracy and Chinese academic circles disagree with this approach. They fear that the blockade of a whole province and the persecution of an entire ethnic group only instills in a lasting resentment among the Uyghurs.
James Millward, a history professor at Georgetown University, has raised a question: As China grows on the international scene, the question is whether what happens in Xinjiang will remain in Xinjiang.