-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Anti-fraud" (反诈) spyware apps, phone inspections in China #354
Comments
Edited my post to make it simpler with additional information. And less human to be used to train "AI" The "'Anti-fraud" spyware app is officially named as National Anti-Fraud Center. https://en.wikipedia.org/wiki/National_Anti-Fraud_Center
Xiaomi phones pre-install it on system level. https://www.gizmochina.com/2022/01/03/miui-13-anti-fraud-scam/ https://chinadigitaltimes.net/chinese/675320.html Besides Xiaomi, National Anti-Fraud Center is pre-installed on almost all new phones made in China. it is de facto mandatory by Chinese government.
Flush your phone and install a clean OS yourself which is, ironically, unrealistic for most people.
tencent provide binary for windows desktop and android phone.
Xiaomi app store also provide download
National Anti-Fraud Center is not limited to android phones. there are other binaries for apple devices and windows desktop. https://chinadigitaltimes.net/chinese/701596.html
China-based phone numbers are linked to individual persons. To obtain a China-based phone number, real identification and possibly Facial recognition are required. I don't think anyone in China can safely provide a phone number for research.
"pt" probably stands for Platform (PingTai).
gaukas post has important info I missed. |
Thanks. That is really helpful information. The Chinese term is 国家反诈中心 (guójiā fǎnzhà zhōngxīn) and here are the Wikipedia pages: https://en.wikipedia.org/wiki/National_Anti-Fraud_Center Clicking on wiki links, I get to this article (archive) and then the app's page in the Apple App Store: https://apps.apple.com/cn/app/国家反诈中心/id1552823102 (archive) (WTH, Apple? You delete VPN apps from the App Store at the request of the Chinese government, you delete communication apps from the App Store at the request of the Chinese government, at the same time you host spyware that violates the privacy of your customers? I guess we all know "what happens on your iPhone stays on your iPhone" is a lie.) Here's the page at AppleCensorship: https://applecensorship.com/app-store-monitor/app/1552823102 (archive) The location test (archive) shows that the app only appears in the App Store for China and not for other countries: I don't see the app in the Google Play store, at least when searching in Tor Browser: |
The OTF Red Team has reverse-engineered and analyzed the 国家反诈中心 National Anti-Fraud Center app in 2022. (Though they say: "Further investigation into the National Anti-Fraud Center app is necessary. The auditors faced several limitations, including regional blocks pertaining to not having access to a China-based phone number.") China's National Anti-Fraud Center – Security Assessment Executive summary
§1 Code obfuscation
§3 Protection of communications
["gjfz" is obviously 国家反诈 guójiā fǎnzhà "national anti-fraud" but I don't know what "pt" is.] §4 Usage of free China based phone number
§6 Frameworks included in the IPA
§7 Privacy Policy
§11 Endpoint and information collected
Appendix IV. API endpointapi/Feedback/GetDetails… click for list
|
I am primarily interested in the "anti-fraud" app from the perspective of anti-circumvention. If the app can detect the presence of circumvention apps, then it is likely that there is a list of names of circumvention tools either included in the app itself, or queryable through one of the API endpoints, perhaps one of these:
|
It existed in other countries before, at least in May 2021 as I remember. The screenshot was from Japan App Store: The CCP fears people’s protest or gave it bad comments, so it asked Apple to close comment in Chinse App Store, but it has no such power in other countries. You can see in Japan all of the four comments are lowest star. The Japanese one comment:
|
I'd share my personal experience with this "Anti-Fraud" thing when I visited China quite a while ago. (Not directly involving the app) I was tethering my laptop using my China Mobile cellular service on an iPhone (WITHOUT installing any related app), all of a sudden I got a text message from 96110 telling me I am visiting a scam website and ask me to stop (in Chinese). About a minute later I received a phone call from 96110, in which it is a prerecorded warning message in Chinese telling me I am visiting a scam website, stop immediately, press a number to connect to live agent, etc. About a few minutes later I repeated everything and received another text message, but not phone call this time. I am suspecting they are using DNS or TLS-SNI based filtering but I did not dig into it since it is too easy to backtrack from the cellular service and intense testing and triggering of the system will definitely alert someone in charge. |
// Thanks for sharing. I used Newstr AI to create a quick summary of all the conversations above. Hopefully,it helps some external readers: Comprehensive Analysis of China's National Anti-Fraud Center and Digital Surveillance PracticesIntroductionIn recent years, the Chinese government has intensified its surveillance measures, notably through the mandatory installation of the "National Anti-Fraud Center" app. This initiative reflects a broader strategy to control and monitor the digital activities of its citizens. This article delves into the multifaceted aspects of the app and its integration into the broader surveillance infrastructure, examining its impact on privacy, freedom, and corporate compliance. The National Anti-Fraud Center App: Overview and FunctionalityThe "National Anti-Fraud Center" app, developed under the auspices of the Chinese government, is designed ostensibly to combat fraud but is equipped with capabilities that extend far into surveillance. It monitors and controls the use of circumvention tools that allow users to bypass internet censorship, essentially serving as a gatekeeper against unauthorized information access. Key Features and Technical Insights
Systemic Integration and International ReachUnlike typical applications, the "National Anti-Fraud Center" is part of a larger surveillance ecosystem embedded within China's state-controlled telecommunications network. This system facilitates real-time monitoring and automated interventions, such as sending warnings to users visiting unapproved websites or using unauthorized apps. International Availability and Corporate ComplianceInitially available internationally, such as in the Japan App Store, the app received significant backlash due to its intrusive nature. However, within China, corporate entities like Apple have complied with government directives to disable user feedback, highlighting the complex dynamics between global business practices and national surveillance laws. User Experiences and Enforcement MechanismsPersonal anecdotes and user reports reveal the extensive reach of China's surveillance apparatus. For instance, users have reported receiving immediate warnings via SMS and phone calls when engaging in activities deemed suspicious by the state, regardless of having the app installed. This suggests a pervasive monitoring system that taps directly into cellular services. Ethical Considerations and Future ImplicationsThe collaboration between Chinese authorities and international corporations in enforcing these surveillance measures raises significant ethical questions. The potential future integration of surveillance technologies into hardware and broader network infrastructure could lead to even more profound implications for global privacy and freedom. China's "National Anti-Fraud Center" serves as a poignant example of how modern digital surveillance can transcend traditional boundaries between state control and personal freedom. The involvement of international corporations in these practices further complicates the landscape, challenging the global community to reconsider the balance between security and privacy. References |
If you had written a summary yourself, I would have appreciated it. Instead you feed my post to proprietary machine learning software without my consent. It is creepy and can't be undone. Your 'summary' is also misleading.
I assume this is base on my post "I think the "National Anti-Fraud Center" is a set of systems rather than a single app. " That is my opinion and assumption, not necessarily a fact. |
China's Internet Emergency Response Center (CNCERT) publishes semiannual lists of "network security emergency service support units" (网络安全应急服务支撑单位名单):
The 8th and 9th editions have special categories of "anti-cyberfraud" (反网络诈骗领域) support units: 8th edition:
9th edition:
The company 北京安天网络安全技术有限公司 (Antiy) that is mentioned in the anti-fraud app's privacy policy is not listed among the anti-cyberfraud units, but in both the 8th and 9th edition Antiy is one of the "national-level" (国家级) units. |
The National Anti-Fraud Center app also seem to has access to phone owner's contact list. Also since this issue seems to be focused on National Anti-Fraud Center app in phone. I opened a new issue and updated some additional info regarding the anti-fraud plugins in FTTR modem. And because I think that incident itself is quite concerning. the |
All Chinese smartphone manufacturers have integrated anti-fraud features at the system level (not the national anti-fraud app), and Xiaomi is no exception. Since 2023, smartphone manufacturers have once again tightened the unlocking permissions for Android bootloaders, making it difficult for new models to bypass the anti-fraud system monitoring by flashing third-party ROMs. In fact, what we are facing is an expansion of public power under the guise of anti-fraud, which is far more extensive and deeper than before. A similar past instance was the Ministry of Industry and Information Technology's Green Dam software, which was eventually halted. The nominal reason for implementing anti-fraud measures is the recent surge in telecommunication fraud, especially in the Southeast Asia region, notably northern Myanmar.
|
I'll just link to measurements from 2022 about ISPs sending users to anti-fraud websites. It worked by either DNS injection or HTTP injection. It was considered significant because webpages in China are usually blocked by RST injection. China "Anti-Fraud" Webpage Redirection Censorship
|
The Android APK package name for the National Anti-Fraud Center app appears to be "com.hicorenational.antifraud" (see e.g. https://apkcombo.com/guo-jia-fan-zha-zhong-xin/com.hicorenational.antifraud), which I suppose is the same 上海黑瞳信息技术有限公司 / Hicore Tech listed in the CNCERT list of emergency support units. https://github.com/starco1100/starco1100.github.io has an APK file, though it is quite small (5.7 MB). |
Jeffrey Knockel (@jknockel) looked at iOS and Android versions of the anti-fraud app in 2022. He has made available code and other artifacts, including original .apk and .ipa files. Jeff reports being able to decrypt some of the included databases, which contained what looked like antivirus signatures. The Android file "avlsdk" is a zip file containing encrypted signature files. https://jeffreyknockel.com/fraud/fraud.tar.xz (265 MB) Contents of fraud.tar.xz0 fraud/ 9 fraud/README.md 0 fraud/android-bestmind/ 0 fraud/android-bestmind/avlsdk_FILES/ 0 fraud/android-bestmind/avlsdk_FILES/av/ 0 fraud/android-bestmind/avlsdk_FILES/av/avl/ 0 fraud/android-bestmind/avlsdk_FILES/av/avl/android/ 282955 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_ads.avl 69845 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_amc.avl 117207 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_apn.avl 1924792 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_basic.avl 9934 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_behav.avl 9797 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_dhc.avl 30314 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_emb.avl 415 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_grayflag.avl 2539361 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_herui.avl 42349 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_kw.avl 414536 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_opc.avl 445062 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_opc_scdf.avl 18359 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_opd.avl 22732 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_opg.avl 9701 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_pack.avl 76223 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_payware.avl 469905 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_pornware.avl 45193 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_sfmf.avl 7638 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_sgnl.avl 4063904 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_sign.avl 1787761 fraud/android-bestmind/avlsdk_FILES/av/avl/android/avlpk_white.avl 0 fraud/android-bestmind/avlsdk_FILES/av/avl/conf/ 11 fraud/android-bestmind/avlsdk_FILES/av/avl/conf/avllib.conf 372 fraud/android-bestmind/avlsdk_FILES/av/avl/conf/liscense.conf 0 fraud/android-bestmind/avlsdk_FILES/av/kw/ 0 fraud/android-bestmind/avlsdk_FILES/av/kw/common/ 0 fraud/android-bestmind/avlsdk_FILES/av/kw/common/en/ 477 fraud/android-bestmind/avlsdk_FILES/av/kw/common/en/behavior.des 689 fraud/android-bestmind/avlsdk_FILES/av/kw/common/en/common.des 259 fraud/android-bestmind/avlsdk_FILES/av/kw/common/en/recommend.des 0 fraud/android-bestmind/avlsdk_FILES/av/kw/common/zh/ 711 fraud/android-bestmind/avlsdk_FILES/av/kw/common/zh/behavior.des 1212 fraud/android-bestmind/avlsdk_FILES/av/kw/common/zh/common.des 274 fraud/android-bestmind/avlsdk_FILES/av/kw/common/zh/recommend.des 0 fraud/android-bestmind/avlsdk_FILES/sdk_conf/ 2027 fraud/android-bestmind/avlsdk_FILES/sdk_conf/sdk.conf 106 fraud/android-bestmind/avlsdk_FILES/sdk_conf/version.conf 0 fraud/android-bestmind/avlsdk_FILES/url/ 0 fraud/android-bestmind/avlsdk_FILES/url/url/ 0 fraud/android-bestmind/avlsdk_FILES/url/url/conf/ 11 fraud/android-bestmind/avlsdk_FILES/url/url/conf/avllib.conf 388 fraud/android-bestmind/avlsdk_FILES/url/url/conf/liscense.conf 604 fraud/android-bestmind/avlsdk_FILES/url/url/fish_re_tag.avl 311392 fraud/android-bestmind/avlsdk_FILES/url/url/fish_tag.avl 1632972 fraud/android-bestmind/avlsdk_FILES/url/url/fish_url_tag.avl 20832 fraud/android-bestmind/avlsdk_FILES/url/url/tag.avl 108 fraud/android-bestmind/avlsdk_FILES/url/url/white_re_tag.avl 255472 fraud/android-bestmind/avlsdk_FILES/url/url/white_tag.avl 0 fraud/android-bestmind/blowfish.py -> ../android/blowfish.py 0 fraud/android-bestmind/blowfishalt.py -> ../android/blowfishalt.py 50167255 fraud/android-bestmind/com.bestmind.antifraud_1.8.13_105.apk 0 fraud/android-bestmind/decrypted/ 0 fraud/android-bestmind/decrypted/av/ 0 fraud/android-bestmind/decrypted/av/avl/ 0 fraud/android-bestmind/decrypted/av/avl/android/ 0 fraud/android-bestmind/decrypted/av/avl/android/avlpk_ads.avl 0 fraud/android-bestmind/decrypted/av/avl/conf/ 363 fraud/android-bestmind/decrypted/av/avl/conf/liscense.conf 0 fraud/android-bestmind/decrypted/url/ 0 fraud/android-bestmind/decrypted/url/url/ 0 fraud/android-bestmind/decrypted/url/url/conf/ 371 fraud/android-bestmind/decrypted/url/url/conf/liscense.conf 0 fraud/android-bestmind/decrypt-avl.py -> ../android/decrypt-avl.py 0 fraud/android-bestmind/decrypt-license.py -> ../android/decrypt-license.py 0 fraud/android-bestmind/decrypt-url.py -> ../android/decrypt-url.py 0 fraud/android-bestmind/dumpall.sh -> ../android/dumpall.sh 0 fraud/android-bestmind/dump-url.py -> ../android/dump-url.py 0 fraud/android-bestmind/inflate.py -> ../android/inflate.py 0 fraud/android-bestmind/match-avl.py -> ../android/match-avl.py 0 fraud/android-bestmind/parse-avl.py -> ../android/parse-avl.py 0 fraud/android-bestmind/parse-url.py -> ../android/parse-url.py 0 fraud/android-bestmind/search.py -> ../android/search.py 0 fraud/android-bestmind/search-domain.py -> ../android/search-domain.py 0 fraud/android-bestmind/search-url.py -> ../android/search-url.py 0 fraud/android-bestmind/xxtea.py -> ../android/xxtea.py 0 fraud/android/ 41075 fraud/android/av.csv 2886313 fraud/android/avlsdk 0 fraud/android/avlsdk_FILES/ 0 fraud/android/avlsdk_FILES-old/ 0 fraud/android/avlsdk_FILES-old/av/ 0 fraud/android/avlsdk_FILES-old/av/avl/ 0 fraud/android/avlsdk_FILES-old/av/avl/android/ 4212 fraud/android/avlsdk_FILES-old/av/avl/android/avlpk_dec.avl 4118 fraud/android/avlsdk_FILES-old/av/avl/android/avlpk_kw.avl 0 fraud/android/avlsdk_FILES-old/av/avl/android/rckl/ 1150 fraud/android/avlsdk_FILES-old/av/avl/android/rckl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES-old/av/avl/android/rugl/ 354 fraud/android/avlsdk_FILES-old/av/avl/android/rugl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES-old/av/avl/android/smcl/ 451 fraud/android/avlsdk_FILES-old/av/avl/android/smcl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES-old/av/avl/android/spdl/ 300 fraud/android/avlsdk_FILES-old/av/avl/android/spdl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES-old/av/avl/conf/ 11 fraud/android/avlsdk_FILES-old/av/avl/conf/avllib.conf 372 fraud/android/avlsdk_FILES-old/av/avl/conf/liscense.conf 0 fraud/android/avlsdk_FILES-old/av/kw/ 0 fraud/android/avlsdk_FILES-old/av/kw/common/ 0 fraud/android/avlsdk_FILES-old/av/kw/common/en/ 477 fraud/android/avlsdk_FILES-old/av/kw/common/en/behavior.des 689 fraud/android/avlsdk_FILES-old/av/kw/common/en/common.des 259 fraud/android/avlsdk_FILES-old/av/kw/common/en/recommend.des 0 fraud/android/avlsdk_FILES-old/av/kw/common/zh/ 711 fraud/android/avlsdk_FILES-old/av/kw/common/zh/behavior.des 1212 fraud/android/avlsdk_FILES-old/av/kw/common/zh/common.des 274 fraud/android/avlsdk_FILES-old/av/kw/common/zh/recommend.des 0 fraud/android/avlsdk_FILES-old/sdk_conf/ 2043 fraud/android/avlsdk_FILES-old/sdk_conf/sdk.conf 106 fraud/android/avlsdk_FILES-old/sdk_conf/version.conf 0 fraud/android/avlsdk_FILES-old/url/ 0 fraud/android/avlsdk_FILES-old/url/url/ 0 fraud/android/avlsdk_FILES-old/url/url/conf/ 11 fraud/android/avlsdk_FILES-old/url/url/conf/avllib.conf 372 fraud/android/avlsdk_FILES-old/url/url/conf/liscense.conf 604 fraud/android/avlsdk_FILES-old/url/url/fish_re_tag.avl 802300 fraud/android/avlsdk_FILES-old/url/url/fish_tag.avl 1991568 fraud/android/avlsdk_FILES-old/url/url/fish_url_tag.avl 21072 fraud/android/avlsdk_FILES-old/url/url/tag.avl 124 fraud/android/avlsdk_FILES-old/url/url/white_re_tag.avl 244792 fraud/android/avlsdk_FILES-old/url/url/white_tag.avl 0 fraud/android/avlsdk_FILES/av/ 0 fraud/android/avlsdk_FILES/av/avl/ 0 fraud/android/avlsdk_FILES/av/avl/android/ 3563 fraud/android/avlsdk_FILES/av/avl/android/avlpk_dec.avl 4126 fraud/android/avlsdk_FILES/av/avl/android/avlpk_kw.avl 0 fraud/android/avlsdk_FILES/av/avl/android/rckl/ 1150 fraud/android/avlsdk_FILES/av/avl/android/rckl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES/av/avl/android/rugl/ 354 fraud/android/avlsdk_FILES/av/avl/android/rugl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES/av/avl/android/smcl/ 451 fraud/android/avlsdk_FILES/av/avl/android/smcl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES/av/avl/android/spdl/ 300 fraud/android/avlsdk_FILES/av/avl/android/spdl/avlpk_grayflag.avl 0 fraud/android/avlsdk_FILES/av/avl/conf/ 11 fraud/android/avlsdk_FILES/av/avl/conf/avllib.conf 372 fraud/android/avlsdk_FILES/av/avl/conf/liscense.conf 0 fraud/android/avlsdk_FILES/av/kw/ 0 fraud/android/avlsdk_FILES/av/kw/common/ 0 fraud/android/avlsdk_FILES/av/kw/common/en/ 477 fraud/android/avlsdk_FILES/av/kw/common/en/behavior.des 689 fraud/android/avlsdk_FILES/av/kw/common/en/common.des 259 fraud/android/avlsdk_FILES/av/kw/common/en/recommend.des 0 fraud/android/avlsdk_FILES/av/kw/common/zh/ 711 fraud/android/avlsdk_FILES/av/kw/common/zh/behavior.des 1212 fraud/android/avlsdk_FILES/av/kw/common/zh/common.des 274 fraud/android/avlsdk_FILES/av/kw/common/zh/recommend.des 0 fraud/android/avlsdk_FILES/sdk_conf/ 2779 fraud/android/avlsdk_FILES/sdk_conf/sdk.conf 107 fraud/android/avlsdk_FILES/sdk_conf/version.conf 0 fraud/android/avlsdk_FILES/url/ 0 fraud/android/avlsdk_FILES/url/url/ 0 fraud/android/avlsdk_FILES/url/url/conf/ 11 fraud/android/avlsdk_FILES/url/url/conf/avllib.conf 372 fraud/android/avlsdk_FILES/url/url/conf/liscense.conf 572 fraud/android/avlsdk_FILES/url/url/fish_re_tag.avl 462884 fraud/android/avlsdk_FILES/url/url/fish_tag.avl 2134432 fraud/android/avlsdk_FILES/url/url/fish_url_tag.avl 21072 fraud/android/avlsdk_FILES/url/url/tag.avl 124 fraud/android/avlsdk_FILES/url/url/white_re_tag.avl 246660 fraud/android/avlsdk_FILES/url/url/white_tag.avl 15683 fraud/android/blowfish.py 15896 fraud/android/blowfishalt.py 59595782 fraud/android/com.hicorenational.antifraud_1.1.28_108.apk 0 fraud/android/decrypted/ 0 fraud/android/decrypted-old/ 0 fraud/android/decrypted-old/av/ 0 fraud/android/decrypted-old/av/avl/ 0 fraud/android/decrypted-old/av/avl/android/ 4507 fraud/android/decrypted-old/av/avl/android/avlpk_dec.avl 28730 fraud/android/decrypted-old/av/avl/android/avlpk_kw.avl 0 fraud/android/decrypted-old/av/avl/android/rckl/ 3976 fraud/android/decrypted-old/av/avl/android/rckl/avlpk_grayflag.avl 0 fraud/android/decrypted-old/av/avl/android/rugl/ 2224 fraud/android/decrypted-old/av/avl/android/rugl/avlpk_grayflag.avl 0 fraud/android/decrypted-old/av/avl/android/smcl/ 1140 fraud/android/decrypted-old/av/avl/android/smcl/avlpk_grayflag.avl 0 fraud/android/decrypted-old/av/avl/android/spdl/ 498 fraud/android/decrypted-old/av/avl/android/spdl/avlpk_grayflag.avl 0 fraud/android/decrypted-old/av/avl/conf/ 357 fraud/android/decrypted-old/av/avl/conf/liscense.conf 0 fraud/android/decrypted-old/url/ 0 fraud/android/decrypted-old/url/url/ 0 fraud/android/decrypted-old/url/url/conf/ 365 fraud/android/decrypted-old/url/url/conf/liscense.conf 571 fraud/android/decrypted-old/url/url/fish_re_tag.avl 1310126 fraud/android/decrypted-old/url/url/fish_tag.avl 3252982 fraud/android/decrypted-old/url/url/fish_url_tag.avl 39321 fraud/android/decrypted-old/url/url/tag.avl 73 fraud/android/decrypted-old/url/url/white_re_tag.avl 399786 fraud/android/decrypted-old/url/url/white_tag.avl 0 fraud/android/decrypted/av/ 0 fraud/android/decrypted/av/avl/ 0 fraud/android/decrypted/av/avl/android/ 3761 fraud/android/decrypted/av/avl/android/avlpk_dec.avl 28800 fraud/android/decrypted/av/avl/android/avlpk_kw.avl 0 fraud/android/decrypted/av/avl/android/rckl/ 3976 fraud/android/decrypted/av/avl/android/rckl/avlpk_grayflag.avl 0 fraud/android/decrypted/av/avl/android/rugl/ 2224 fraud/android/decrypted/av/avl/android/rugl/avlpk_grayflag.avl 0 fraud/android/decrypted/av/avl/android/smcl/ 1140 fraud/android/decrypted/av/avl/android/smcl/avlpk_grayflag.avl 0 fraud/android/decrypted/av/avl/android/spdl/ 498 fraud/android/decrypted/av/avl/android/spdl/avlpk_grayflag.avl 0 fraud/android/decrypted/av/avl/conf/ 357 fraud/android/decrypted/av/avl/conf/liscense.conf 0 fraud/android/decrypted/url/ 0 fraud/android/decrypted/url/url/ 0 fraud/android/decrypted/url/url/conf/ 365 fraud/android/decrypted/url/url/conf/liscense.conf 534 fraud/android/decrypted/url/url/fish_re_tag.avl 756424 fraud/android/decrypted/url/url/fish_tag.avl 3487996 fraud/android/decrypted/url/url/fish_url_tag.avl 39321 fraud/android/decrypted/url/url/tag.avl 73 fraud/android/decrypted/url/url/white_re_tag.avl 402730 fraud/android/decrypted/url/url/white_tag.avl 510 fraud/android/decrypt-avl.py 550 fraud/android/decrypt-license.py 1835 fraud/android/decrypt-url.py 0 fraud/android/dexdump_FILES/ 112068 fraud/android/dexdump_FILES/112068.dex 5349828 fraud/android/dexdump_FILES/5349828.dex 6599908 fraud/android/dexdump_FILES/6599908.dex 7807708 fraud/android/dexdump_FILES/7807708.dex 10670736 fraud/android/dexdump_FILES/10670736.dex 1178 fraud/android/dumpall.sh 1235 fraud/android/dump-url.py 58091090 fraud/android/fraud_1.1.12_apkcombo.com.apk 5002859 fraud/android/hashes.csv 26576 fraud/android/hashmap-all.csv 19044 fraud/android/hashmap-gfw-domains.csv 3565 fraud/android/hashmap-phishing-domains.csv 6702 fraud/android/hashmap-phishing-links.csv 0 fraud/android/idb/ 198357 fraud/android/idb/libavlasys.idb 4290937 fraud/android/idb/libavlm.idb 934479 fraud/android/idb/libavlurl.idb 80314 fraud/android/idb/liburldetectorsys.idb 775 fraud/android/inflate.py 32168 fraud/android/matched.csv 1587 fraud/android/match-avl.py 3900 fraud/android/parse-avl.py 1369 fraud/android/parse-url.py 0 fraud/android/search/ 939 fraud/android/search.py 1290 fraud/android/search-domain.py 2321 fraud/android/search-url.py 9969395 fraud/android/search/ALL-phishing-domains.txt 61660162 fraud/android/search/ALL-phishing-links.txt 2103242 fraud/android/search/gfw-domains.txt 1048 fraud/android/search/selected.txt 2029 fraud/android/xxtea.py 0 fraud/ios/ 1205 fraud/ios/decrypt-localall.py 4863 fraud/ios/labels-uniq.txt 3440158 fraud/ios/localall.csv 4387356 fraud/ios/localall.txt 61677688 fraud/ios/国家反诈中心.i64 47679704 fraud/ios/国家反诈中心.ipa |
An article from Radio Free Asia (archive), via Human Rights in China's 2024-04-02 weekly brief (archive), says that police in China are inspecting people's phones to check for circumvention apps, and that people have been forced to install an "anti-fraud" (反诈骗) app that (at least) checks for installed circumvention software.
It's not clear to me the circumstances under which someone might have such an "anti-fraud" app installed. Are they pre-installed by phone providers? Automatically installed by phone repair shops? Installed by the police after any police encounter?
Has anyone acquired a sample of an "anti-fraud" app, in APK format or similar?
#254 is a previous thread that mentions "anti-fraud" apps.
Is there anything that can be done, in terms of circumvention, when the user's own device is not trustworthy? We almost always model the user's own computer as being uncontrolled by the censor. Is it an impossible situation, or are there any realistic countermeasures?
The Radio Free Asia article has a photograph of an SMS from the Hubei provincial police department notifying the owner that circumvention software was detected and telling them to uninstall it. Presumably the detection was the result of an "anti-fraud" app.
In 2018, a spyware app called 净网卫士 (Jingwang Weishi) was reverse-engineered by the OTF Red Team. They found many security flaws and partially mapped the backend infrastructure. That app was targeted at the Uyghur ethnic minority—a reminder that surveillance systems are usually first tested on more vulnerable and marginalized people before moving on to the rest of society.
https://www.opentech.fund/news/app-targeting-uyghur-population-censors-content-lacks-basic-security/
https://public.opentech.fund/documents/OTF_JingWang_Report_v2.pdf
The text was updated successfully, but these errors were encountered: