Slashdot Mirror


Chinese Mobile App Companies Are a National Security Risk, Says a Top Democrat (cnet.com)

Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE, Sen. Mark Warner said in an interview. From a report: Recent US legislation largely banned Huawei and ZTE from use by the government and its contractors, due to concerns about surveillance and other national security risks. Now Warner, the top Democrat on the Senate Intelligence Committee, is signaling that Chinese app developers may face similar scrutiny from lawmakers, corporate America, and the intelligence community.

Warner's comments follow a recent BuzzFeed News report that popular apps from China's Cheetah Mobile and Kika Tech were exploiting user permissions to engage in a form of ad fraud. Eight Android apps with more than 2 billion total downloads were said to be engaging in a form of app-install ad fraud. Google subsequently removed two of the apps from the Play store and said it continues to investigate. Cheetah and Kika deny engaging in app-install fraud. "Under Chinese law, all Chinese companies are ultimately beholden to the Communist Party, not their board or shareholders, so any Chinese technology company -- whether in telecom or mobile apps -- should be seen as extensions of the state and a national security risk," Warner said in an interview this week with BuzzFeed News.
Further reading: Sen. Warner calls for US cyber doctrine, new standards for security.

76 comments

  1. Why such narrow wording? by Anonymous Coward · · Score: 0

    Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE

    More generally, all unaudited software that you run poses a security risk. And all proprietary software is unauditable.

    If your computers have access to anything important (an example of something important would be .. oh, I don't know .. THE USER HIMSELF) then you shouldn't be running any proprietary software, since there is 0% chance that you know what it does. And you shouldn't be surprised if it does something hostile, since the entire reason it's proprietary is that its maker wanted the software to serve them, instead of you.

    1. Re: Why such narrow wording? by WindBourne · · Score: 1

      China is a very high risk, as is anything by Russia, or their allies.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    2. Re: Why such narrow wording? by Anonymous Coward · · Score: 0

      USA spied and is still spying on its allies

    3. Re: Why such narrow wording? by Anonymous Coward · · Score: 0

      China is a very high risk, as is anything by Russia, or their allies.

      What stops the Chinese government (or any government) from:
          * Setting up a front company in the USA which publishes an app.
          * Getting an employee inside an american company to put some malicious code in an app.

    4. Re:Why such narrow wording? by Narcocide · · Score: 1

      Agreed. Proper wording: Mobile apps are a risk.

    5. Re: Why such narrow wording? by Anonymous Coward · · Score: 0

      They share data that the others can't legally access. Convenient bed fellows.

  2. China's is not a legitimate government - at all by Anonymous Coward · · Score: 0

    Stop buying Chinese-government state-owned products. Even a retard like Trump isn't entirely wrong about resisting them, feckless and ineffective and blustering and STUPID as he is.

    1. Re:China's is not a legitimate government - at all by fustakrakich · · Score: 1

      Even a retard like Trump isn't entirely wrong about resisting them...

      Right?

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:China's is not a legitimate government - at all by OrangeTide · · Score: 1

      He can be right and a hypocrite at the same time.

      --
      “Common sense is not so common.” — Voltaire
    3. Re:China's is not a legitimate government - at all by fustakrakich · · Score: 2

      The message sent? Words have no meaning.

      --
      “He’s not deformed, he’s just drunk!”
  3. What about Apple phones by slash.jit · · Score: 1

    How do we know that the Chinese have not put some machine/hardware level malware in the Apple phones electronics?

    1. Re:What about Apple phones by Kohath · · Score: 3, Interesting

      How do we know that the Chinese have not put some machine/hardware level malware in the Apple phones electronics?

      You know this kind of thing doesn't happen, right? There are hundreds of millions of iPhones. So you'd need an enormous, industrial level conspiracy to get extra hardware in them. And all it would take to unravel the biggest espionage operation in world history is for one person to find one strange thing with one phone. The iPhone is the world's most scrutinized product.

      It's not even believable enough for a movie script.

    2. Re:What about Apple phones by Anonymous Coward · · Score: 0

      apple is probably behind all this Huawei and ZTE hate. I would not put anything past this totally unethical company.

    3. Re:What about Apple phones by slash.jit · · Score: 1

      What's wrong with starting a conspiracy theory?
      Let's have some fun

    4. Re:What about Apple phones by Kohath · · Score: 1

      What's wrong with starting a conspiracy theory?
      Let's have some fun

      It's not fun. People believe that shit and then don't get their kids vaccinated and then their kids die of measles. People believe all kinds of false or exaggerated stories and they make their lives and the lives of the people around them worse.

    5. Re:What about Apple phones by Kohath · · Score: 1

      I never saw any ZTE hate. ZTE got caught transferring technology against export controls, made a deal with authorities to stop it and punish those responsible, and then got caught cheating on the deal.

      The historical Huawei hate always seemed weirdly organized though, like someone was orchestrating it.

    6. Re:What about Apple phones by geek · · Score: 1

      Except it's not really a conspiracy. This is why Huawei is banned for gov use in the USA. The NSA and CIA have been found to tamper with US equipment in customs on its way to other nations. China has done the same a number of times.

      Phones may be different but there is a lot of history of this with other tech.

    7. Re:What about Apple phones by Kohath · · Score: 1

      Yeah, it's possible to tamper with a few devices. It isn't possible to tamper with a few hundred million devices.

    8. Re:What about Apple phones by DNS-and-BIND · · Score: 1

      The CIA did precisely this to the Soviet Union during the Cold War. It's not a stupid conspiracy theory. It is absolutely believable because it really happened. Why do you think the CIA is shouting so loudly about this?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    9. Re:What about Apple phones by Anonymous Coward · · Score: 0

      How do we know that the Chinese have not put some machine/hardware level malware in the Apple phones electronics?

      You know this kind of thing doesn't happen, right? There are hundreds of millions of iPhones. So you'd need an enormous, industrial level conspiracy to get extra hardware in them.

      Umh, you literally just need to have control of the factory that manufactures one of the chips in it.
      Or the factory that does the assembly of them so that you can replace one of the chips.
      It doesn't even need to be an upper level management thing. Just a guy at the right spot dealing with purchases will do the trick.

    10. Re:What about Apple phones by Anonymous Coward · · Score: 0

      Unless you own the factory where they are assembled, then it is easier to tamper with all the devices than just a subset of them.

    11. Re:What about Apple phones by Kohath · · Score: 1

      Someone would find ersatz parts or code in that many devices.

  4. Does being beholden to a board/shareholders help? by Anonymous Coward · · Score: 0

    Was Facebook/Twitter not a state/national security risk come election time?

  5. Because of monitoring by SuperKendall · · Score: 4, Interesting

    Lots of people (including myself) spend a lot of time with all iPhone networking traffic going through web proxies. We'd especially notice some odd connections going off to China...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Because of monitoring by Anonymous Coward · · Score: 0

      How do you know if the IP is not spoofed to look like it is coming from China? Especially when CIA/NSA has been known to have done that before.

    2. Re:Because of monitoring by grep+-v+'.*'+* · · Score: 2

      We'd especially notice some odd connections going off to China

      No you wouldn't. Those crafty devils are hiding data BETWEEN the bits where you don't normally look. Durn Fernegners!

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    3. Re:Because of monitoring by OrangeTide · · Score: 1

      Huawei has a big office in Santa Clara, CA. They're so damn secretive over there most employees don't know what projects are done in their own building.

      --
      “Common sense is not so common.” — Voltaire
    4. Re:Because of monitoring by Anonymous Coward · · Score: 0

      Chinese bits are slanted which allows them to get through proxies undetected

    5. Re:Because of monitoring by Anonymous Coward · · Score: 0

      How the hell does that help?

      First off, there's no way to know that it doesn't just not bother sending anything if behind a proxy. And because you're apparently monitoring the web proxy and not all traffic, you have no idea if it attempts to connect directly without going through the traffic. But more likely it just sees if the proxy is set for the given location and doesn't attempt to connect to control servers if it is. It's malware 101: hide from monitoring attempts.

      Beyond that, you're assuming it's sending data to China and not to control servers located elsewhere. The obvious answer is to forward through the US. Thanks to Bloomberg, we know that iCloud was likely compromised by Chinese backdoor hardware. So you just proxy the data yourself through iCloud and, thanks to everything being encrypted, it looks just like any other traffic that should be there.

      Because Apple is a blackbox, they cannot be trusted.

    6. Re:Because of monitoring by Anonymous Coward · · Score: 0

      Fact that you don't is telling.. They are there, hundreds depending on what applications you have installed. Several vendors have their backends still in China (HTC being one). The other serious problem are Foreign companies setting up hosting in NA as a front (CDN's are abused for this too).

      Bottom line is from mobile games to PC, there is a fucktonn of traffic that is exfiltrated back. And yes, updates do frequently contain backdoors.

    7. Re:Because of monitoring by DigiShaman · · Score: 1

      How do you readily discern whether or not SSL traffic is from an app or browser traffic?

      --
      Life is not for the lazy.
    8. Re:Because of monitoring by Phylter · · Score: 1

      You're assuming that they don't have an OS level piece that allows their traffic to bypass VPN. In the world of cybersecurity just assume anything is possible.

    9. Re:Because of monitoring by SuperKendall · · Score: 1

      First off, there's no way to know that it doesn't just not bother sending anything if behind a proxy

      Yes, possibly, but there is also Charles on IOS now, which works as a VPN and not a proxy... I don't see anything on there either.

      Beyond that, you're assuming it's sending data to China and not to control servers located elsewhere.

      I'm looking for odd traffic regardless of destination and try to figure out what it is transmitting.

      Basically there are enough people watching here and there that if something were there, people would notice. Like I said I'm not the only one doing this.

      we know that iCloud was likely compromised by Chinese backdoor hardware.

      *Rolls eyes*

      We know the opposite actually, thanks for playing. I'll just leave you to play with your tinfoil hat.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    10. Re:Because of monitoring by Rob+Riggs · · Score: 1

      Sure... like only leaking data when the phone is connected to certain rogue LTE nodes...

      --
      the growth in cynicism and rebellion has not been without cause
    11. Re:Because of monitoring by Anonymous Coward · · Score: 0

      Would you really notice if you hit a China telecom IP in rackspace, if they then bundle it up and ship it back over their backend connections?
      China Telecom has points of presence in the UK, the US and is looking to expand to the EU... (see: www.ctexcel.us) so if you think geoip will save you...

  6. Corporate controlled hardware... by Anonymous Coward · · Score: 1

    Is the National Security Risk for (Pick Your Nation).

    Maybe when politicians realize that, and start pressuring companies to produce hardware that is end-user or institution controlled and managed, we will finally have some real security that will be immune to the threat of 'chinese mobile apps' or any other corporate apps (like microsoft, facebook, google, yandex, apple (even if they claim otherwise), etc. All of whom have the same or even more invasive levels of access to personal data, before handing over backdoors to foreign or domestic government agencies.)

    If they were really concerned about security they would take a stand, even if unpopular, to ensure control and rights remain in the hands of the end users or organization in the case of institution issued devices. Doing otherwise is neglectful, ignorant, and/or outright malicious.

  7. Racist undertone. by Anonymous Coward · · Score: 0

    Pure racism. Why single out the Chinese when, for example, Facebook does it? There need to be universal standards, not singling out a single ethnic group in the current trade war with East Asia.

    1. Re:Racist undertone. by MrMr · · Score: 1

      We have always been at war with Eastasia.

    2. Re:Racist undertone. by OrangeTide · · Score: 4, Insightful

      Is this really about an ethnic group or is it about one big government versus another big government? I like to think that superpower politics are more subtle than race.

      --
      “Common sense is not so common.” — Voltaire
    3. Re:Racist undertone. by Ryanrule · · Score: 1

      Govt vs govt. Any major Chinese company is govt controlled. To think otherwise is ignorant and foolish.

    4. Re: Racist undertone. by TJHook3r · · Score: 1

      It's not racist if it's true

    5. Re:Racist undertone. by Anonymous Coward · · Score: 0

      If you think you can defend yourselves against the folks you pay taxes to... you're in for a shock.

      Chinese companies are beholden for similar reasons, as American tech companies... http://cryptome.org/isp-spy/online-spying.htm
      Lawful Intercept, National Security Letters, reasonable fees... even american companies are not immune from capitalizing on what they've been compelled to do.

  8. welcome to hysterialand by Anonymous Coward · · Score: 0

    “We have a long way to go on cyber hygiene and online media consumption habits,” Sen. Mark Warner.
    That sounds like a phrase that you will only hear from a Chinese official. But not is a U.S. Senator. LOL.

  9. THERE WILL BE CONSEQUENCES NAZI FAGGOT KEN DOLL by Anonymous Coward · · Score: 0

    THERE WILL BE CONSEQUENCES FOR YOUR LIES NAZI FAGGOT KEN DOLL


  10. Well, it's a repressive dictatorship, for one by XXongo · · Score: 5, Insightful

    Pure racism. Why single out the Chinese when, for example, Facebook does it?

    Because Facebook merely wants to sell you ads. China actually is an authoritarian dictatorship.

    It's easy enough to blur the two together, but really, it's false equivalency.

    1. Re:Well, it's a repressive dictatorship, for one by Anonymous Coward · · Score: 0

      Are these Chinese mobile apps written by the Chinese government? This is also a false equivalency.

      China is an authoritarian dictatorship. The US is essentially a corporatist led democracy. Not much difference in the end.

    2. Re:Well, it's a repressive dictatorship, for one by Anonymous Coward · · Score: 0

      Well... you can bet your ass that facebook will comply with the law if they're compelled to do so. You might even hear about it because they might fight it openly in court... Now chinese app companies on the other hand? Nobody wants to get black bagged, and you can bet they will follow the law if compelled...And you'll probably never hear anything about it... ever.

  11. Of course they are by WindBourne · · Score: 1

    Only an idiot downloads without checking more about the source. Sadly, many do it.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  12. All apps are a security concern imo by Anonymous Coward · · Score: 0

    Your mobile browser typically doesn't have the excessive permissions an app has.

    Your browser isn't going to access your mic, camera, contacts, storage, etc.

    Too many instances where apps have been caught hoovering up data they have no business even having access to.

    The more apps you use, the less secure your data is.

  13. Pick your favorite social network by Anonymous Coward · · Score: 0

    Is this any different than what many, if not all, social networks that earn profit through advertising do with your data? Some are pretty tricky about it, too. Look at the 10 million euro fine by an Italian agency against Face Book for making it difficult to figure out where your data goes. And what are the US three letter agencies doing with your data? Much of this hand wringing about data interception is highly hypocritical.

  14. US is creating its own enemies by presidenteloco · · Score: 1, Insightful

    Current attitudes in Washington are making adversaries / enemies out of nations that might have been just as happy to co-operate economically.

    This applies to China in particular. It's probably mostly paranoia, xenophobia and racism driving it.

    Thanks for re-starting the cold-war, dufuses.

    --
    Where are we going and why are we in a handbasket?
    1. Re:US is creating its own enemies by WindBourne · · Score: 1

      I agree that Trump is certainly destroying our relationship with allies, but as far as China goes, they have been in an economic war with the west for the last 30 years.
      They were required to drop their massive number of tariffs, as well as quit manipulating their money, and instead, they continue to raise tariffs and heavily manipulate their money, as well as subsidize and dump.

      The cold war with China was already going on.
      And as to Russia, it was Russia that invaded Georgia and Ukraine. Ask the Eastern European how they feel about it as well as Germany holding NATO back from helping the east more.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    2. Re:US is creating its own enemies by j35ter · · Score: 1

      Eastern European here.
      Get the Fuck Out of East Europe.

      Best regards

      --
      Delta-Mike November Bravo Tango
    3. Re:US is creating its own enemies by WindBourne · · Score: 1

      Da Da, ya uveren, chto vashi bossy khotyat, chtoby Amerika ushla s dorogi.

      So, do you make good money now that you are out of military and working directly for bortnikov?

      --
      I prefer the "u" in honour as it seems to be missing these days.
  15. He's saying don't shitpost so much by presidenteloco · · Score: 1

    It's unhygienic.

    As is excessive Pr0n consumption.

    Speaking of which, I think a good explanation for Trump's insane pottymouth tweet-stream is his dumbphone (specially altered smartphone) has been hacked, via a mobile porn site, by the Chinese, and they have a war-room staffed by their greatest state-loyal comedians, carefully crafting Trump's every tweet.

    --
    Where are we going and why are we in a handbasket?
  16. Damn Dems Scared Of Their Own Shit by Anonymous Coward · · Score: 0

    If a republican said this then, and only then, should it be a consideration. You know if a republican says something is bad, it is bad, for real bad. I await my party's signal to torch the chinese apps and upon getting said signal, I shall do it to it.

  17. No Worries Mate by Anonymous Coward · · Score: 0

    Huawei are ahead of the game, getting ready for the Aussie market. No security risks here.

  18. The Play Store has become a cess pool. by NextApp · · Score: 1

    Buying paid reviews is common. And it's blatantly obvious, e.g., when one of my apps gets a review with a comment, it tends to be a sentence or two in length; most of the competitive apps in my space have pages of three-word, five star reviews, clustered together. Google does not appear to care. Most tend to be from a single particular country.

    It's also worth noting that using the Google Play Store is NOT ALLOWED in China. So when you're a developer there doing this kind of stuff, you're 100% guaranteed not to be committing fraud against your own country's citizens.

    Many developers also use a "whack-a-mole" strategy, distributing basically the same app by multiple "companies". In the unlikely event one actually gets taken down, the effect is negligible.

    So it's litigation proof. The reviews look great. The apps are pretty enough. Google doesn't care. Users never seem to wonder how the company is actually going to make money on something that appears "entirely free".

    My genuine competitors and myself are being destroyed by this. The overall quality of the *average* user's smartphone experience is worse today than it ever has been as a result. I believe this problem is a key factor in why we're seeing the momentum of the smartphone market collapse.

    1. Re:The Play Store has become a cess pool. by Anonymous Coward · · Score: 0

      Are you an irrational statist faggot?

      Why don't you just buy your own fake reviews, like a real capitalist, instead of whining about it?

    2. Re: The Play Store has become a cess pool. by TJHook3r · · Score: 1

      I don't get an app unless the reviewers appear to have a broad range of written styles and names. It's pretty obvious that most of the first hundred/thousand reviews of an app are family/friends/bots

  19. Democrats nat'l security risk, say top Chinese by Anonymous Coward · · Score: 0

    "Chinese mobile app companies are saying national security risk are top democrats."

    Not very credible, but - more credible than statements by US lawmakers, that's for sure.

  20. The answer will surprise you... by Narcocide · · Score: 1

    Nothing. Nothing at all. For that matter what would stop an actual US citizen from doing the same thing for fun or for profit? Again, it's fucking nothing.

    1. Re:The answer will surprise you... by WindBourne · · Score: 1

      The difference is probability. Chinese companies MUST do what Chinese gov says. OTOH, we are paying attention to companies that are being set up in America.
      For example, google for Global IP, and satellites. This is a company designed from the ground up to steal Sat tech. That is one out of many sat companies that are not about sending tech to China.

      Now, with that said, obviously security through obfuscation or by nationalism, is not 100% successful.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    2. Re: The answer will surprise you... by Anonymous Coward · · Score: 0

      Because American companies can't be compelled by the govt to do things and also have it be illegal to tell anyone what they are doing.

      You have no credibility here, or it would seem, even common sense.

  21. Who is the bottom? by Anonymous Coward · · Score: 0

    Is there a top or not website? I want to vote too!

  22. US social services are a national security risk by kaur · · Score: 1

    to any other nation than US.
    And maybe even to US.

  23. You're just delusional WindBourne by Anonymous Coward · · Score: 0

    Currency manipulation? 30 year economic war? Lay off the crack pipe gramps.

  24. Trust American to not have backdoors !! LOL by Anonymous Coward · · Score: 0

    Trust American to not have backdoors !! LOL

    You pathetic cocksucker of corporate America.

  25. No difference China bad USA good by Anonymous Coward · · Score: 0

    Filter error: You can type more than that for your comment.

  26. Learn English Ivan by Anonymous Coward · · Score: 0

    Ask the Eastern European

    I asked him. He said he wasn't sure, and to ask one of the other 10's of millions of them.

  27. Checking a source, that's a bit rich by Anonymous Coward · · Score: 0

    Coming from you that's got to be a joke. You have built a reputation upon not checking the sources and denying facts you don't like.

    Go troll elsewhere WindBourne.

  28. not like America sabotaged encryption standards by Anonymous Coward · · Score: 0

    Oh wait they did exactly that...

    Go peddle your lies and trolls elsewhere WindBourne.

  29. Where does this stop? by Anonymous Coward · · Score: 0

    If we don't trust Chinese companies and they don't trust ours, is there some independent, trusted source that can or will validate software and or hardware? Somehow this seems like a pretty slippery slope ...

  30. Funny.. by SuperDre · · Score: 1

    Pointing fingers to others while you yourself are much better at it.... The US shouldn't be such hypocrites as they do it themselves much worse to other countries and to their own citizens...

  31. with a proper security model ... by epine · · Score: 1

    With a proper security model, suspect Android downloads could be sandboxed with permissions to do SFA, and all the IP endpoints it initiates could be thoroughly logged.

  32. not just CO2 WindBourne lies about China everything by Anonymous Coward · · Score: 0

    more Windy lies