In Xinjiang, a part of western China that a Muslim minority population calls home, the government forces residents to install an Android app that scans devices for particular files. Now, cybersecurity researchers have found that the so-called JingWang app has horrendous security practices for transferring data, and uncovered more details on what exactly the app does to phones.
China experts say the app is a continuation of China’s surveillance and oppression of the some 11 million-strong Uighur ethnic group, in an area fraught with some of the most broad human rights violations in the world.
“What we can confirm, based off the audit’s findings, is that the JingWang app is particularly insecure and is built with no safeguards in place to protect the private, personally identifying information of its users—who have been forced by the government to download and use it in the first place,” Adam Lynn, research director at the Open Technology Fund (OTF), the organization that supported the investigation of JingWang by third-party researchers, told Motherboard in an email. OTF is a US government funded program.