Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say

The spying tools have been in use for years.
china surveillance
A street scene in Turpan, Xinjiang. Lookout discovered Chinese efforts to surveil Uighurs, a Turkic-speaking Muslim minority who live in China’s Xinjiang province. (Getty Images)

A newly revealed set of mobile hacking tools adds to the extensive picture of Chinese government surveillance aimed at the country’s Uighur minority.

Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery.

Some of the hacking tools have been in use for more than five years, but Lookout pieced them together into a vast spying effort tied to the Chinese government, underscoring the pervasive nature of the surveillance and the challenges of uncovering all of it.

“Our research found that there are eight malware families meant to stealthily spy on this ethnic minority at the minimum, with some of them expanding even more broadly in their targeting,” said Kristin Del Rosso, Lookout’s senior security intelligence engineer. One of those malware families was revealed in a 2013 report from the University of Toronto’s Citizen Lab.


For years, cybersecurity analysts have uncovered similar code and showed how it is central to Chinese efforts to surveil the Uighurs, a Turkic-speaking Muslim minority who live in China’s Xinjiang province. The Chinese government has detained more than 1 million ethnic minorities, many of them Uighur Muslims, in prison camps in the name of “counterterrorism” and security — repression that human rights groups have denounced.

The surveillance campaigns tracked by Lookout extend far beyond China. The hacking kits appear to have been used against people in 14 countries, the researchers said, from Pakistan to Turkey. Most of them are Muslim-majority and on a list of “sensitive countries” where Chinese authorities closely track the movements of travelers from Xinjiang. Xinjiang residents who have traveled to those countries have been interrogated and detained by Chinese authorities, according to Human Rights Watch.

Like other hackers, both criminal and government-backed, the suspected Chinese hackers are using phishing and fake app-stores rather than the official, and better protected, Google Play Store to distribute their code.

It’s not just Android phones that have been the target of surveillance campaigns against Uighurs. Last September, Apple confirmed that Uighurs were the focus of a barrage of hacking against iPhones.

The Trump administration has tried to punish Chinese surveillance companies whose technology is used to patrol Xinjiang by adding them to an export blacklist in October. On Wednesday, multiple federal agencies warned U.S. businesses and academic institutions that operating in Xinjiang, or using labor or goods from the region, exposed them to “reputational, economic and legal risks.”


For Lookout, the hunt for surveillance apps will continue.

“There may yet be additional campaigns targeting this particular group, as well as others with contentious relationships with the Chinese government…it is just a matter of continuing to investigate and piece known activity together,” Del Rosso told CyberScoop.

The Chinese Embassy in Washington, D.C., did not respond to a request for comment on the Lookout research.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts