China’s Authorities Employ Innovative Hacking Tool to Extract Data from Seized Phones: Privacy Concerns Raised

Mobile cybersecurity firm Lookout has published a report detailing a new data extraction tool known as Massistant, allegedly developed by Chinese tech conglomerate Xiamen Meiya Pico. The software performs forensic extraction of data from Android devices and requires authorities to have physical access to the device.
Although the specific police agencies using Massistant are not definitively known, its widespread use is assumed, posing potential risks for both Chinese residents and travelers to the region. Kristina Balaam, a researcher at Lookout who analyzed the malware, stated, “It’s a significant concern. Anyone traveling in the region should be aware that the device they bring into the country could potentially be confiscated, and any data on it could be collected.”
Balaam has noted several posts on Chinese forums in which users reported finding the malware installed on their devices following interactions with the police. The malware, which operates in conjunction with a desktop hardware tower, is described on Xiamen Meiya Pico’s website. Lookout was unable to analyze the desktop component and has not found a version of the malware compatible with Apple devices, but the company’s website does suggest the possibility of an iOS version of Massistant for data extraction from Apple devices.
Police do not require sophisticated techniques to utilize Massistant, as individuals are reportedly asked to hand over their devices. Since 2024, China’s state security police have had legal powers to search through phones and computers without a warrant or an active criminal investigation.
One upside for users is that Massistant leaves traces of its compromise on the seized device, so users can potentially identify and delete the malware, either by locating it as an app or by using more advanced tools such as the Android Debug Bridge. However, once it is installed, the damage has already been done, and authorities will have access to the user’s data.
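One way to do the Android Debug Bridge check mentioned above, as an added example that is not from Lookout's report: it filters the output of `pm list packages -3 -i` down to third-party apps that were not installed by a trusted store. The article does not give Massistant's package name, so the trusted-installer list and the sample package names below are assumptions, and an empty result does not prove a device is clean.

```shell
#!/bin/sh
# Added example: triage third-party Android packages by their recorded installer.
# Real use (device connected, USB debugging enabled):
#   adb shell pm list packages -3 -i | flag_untrusted_installs

# Installers treated as trusted (assumption: Google Play only; adjust per device).
TRUSTED_INSTALLERS="com.android.vending"

# Constructed sample of `pm list packages -3 -i` output; package names are made up.
SAMPLE_PM_OUTPUT='package:com.example.chat  installer=com.android.vending
package:org.example.sideloaded  installer=null
package:net.example.tool  installer=com.example.thirdparty.store'

# Reads lines like "package:<name>  installer=<name>" on stdin and prints
# "<package> <installer>" for each package whose installer is not trusted.
# Apps pushed over USB with `adb install` typically record installer=null.
flag_untrusted_installs() {
    tr -d '\r' | while read -r pkg_field inst_field rest; do
        case "$pkg_field" in
            package:*) pkg=${pkg_field#package:} ;;
            *) continue ;;               # skip anything that is not a package line
        esac
        inst=${inst_field#installer=}
        if [ -z "$inst" ]; then
            inst=null                    # missing installer field: treat as unknown
        fi
        trusted=no
        for t in $TRUSTED_INSTALLERS; do
            if [ "$inst" = "$t" ]; then
                trusted=yes
            fi
        done
        if [ "$trusted" = no ]; then
            printf '%s %s\n' "$pkg" "$inst"
        fi
    done
}
```

Each flagged package can then be inspected with `adb shell dumpsys package <name>` to review its install time and requested permissions before deciding whether to remove it.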
Massistant is reportedly the successor of a similar mobile forensic tool made by Xiamen Meiya Pico called MSSocket, which security researchers analyzed in 2019. The company holds approximately 40% of the digital forensics market share in China and was sanctioned by the US government in 2021 for its role in supplying its technology to the Chinese government.
Balaam noted that Massistant is just one component of a larger ecosystem of spyware or malware produced by Chinese surveillance tech manufacturers. The researcher also reported tracking at least 15 different malware families in China.