Jingwang Weishi

Jingwang Weishi is a content-control mobile app developed by Shanghai Landasoft Data Technology Inc. It is known for its use by the police in Xinjiang, China.


Function

In 2018, a research team of analysts conducted a thorough report on Jingwang Weishi.

When the application is first installed, it sends a request to the base server. The server responds with a JSON object containing a list of MD5 hashes, which the program stores in a local SQLite database.

The application records the "essential information", as the program's code calls it, of its device. Specifically, the essential information consists of the device's International Mobile Equipment Identity (IMEI) number, MAC address, manufacturer, model, phone number, and international mobile subscriber identity (IMSI) number.

Jingwang Weishi also performs file scans on the device. It looks for files with the extensions 3GP, AMR, AVI, WEBM, FLV, IVX, M4A, MP3, MP4, MPG, RMVB, RAM, WMA, WMV, TXT, HTML, CHM, PNG, and JPG. It then records specific metadata for each file, consisting of each file's name, path, size, MD5 hash, and the MD5 hash of the MD5 hash. After the scan, the program compares the files' MD5 hashes with the database of hashes it received from the base server. Any files that match are deemed "dangerous". The user is presented with a list of the "dangerous" files and is instructed to delete them. If the user taps on the bottom-right button, a screenshot of the list is saved in the device's image gallery, in the format yyyy-MM-dd_HH-mm-ss.jpg.

The application uploads device data by compressing two files named jbxx.txt and files.txt into a ZIP file named JWWS.zip. The jbxx.txt file contains the device's "essential information". The files.txt file contains the metadata of the "dangerous" files found on the user's device. If no files have been deemed "dangerous", files.txt will not be sent.

The analyst team did not find any backdoor features built into the application. However, when installed it does request permissions that could be used maliciously in future updates. Among other permissions, it requests the ability to start itself as soon as the system has finished booting. This permission is not used by the application, as it only performs its functionality when it is in main view. However, future updates could allow it to start and begin scanning the user's device right after it has finished booting, unknown to the user.

The application updates itself by downloading newer APKs (Android app files) from another server. The application checks for newer versions every time it is loaded; it does so by comparing its current version with a version file located on the server. If a later version is found, the application will download it, open it, and prompt the user to install it. To download a new version of its APK, the application makes an HTTP request to the update server's URL using the syntax http:///APP/GA_AJ_JK/GA_AJ_JK_GXH.apk?AJLY=650102000000, which performs a download of the APK file. The application also makes periodic requests to the base server to update its local database of MD5 hashes of "dangerous" files.

The application creates four files during its lifecycle:

* /sdcard/JWWS/GA_AJ_JK_GXH.apk
* /sdcard/JWWS/JWWS/shouji_anjian/jbxx.txt
* /sdcard/JWWS/JWWS/shouji_anjian/files.txt
* /sdcard/JWWS/JWWS/shouji_anjian/JWWS.zip

Once these files are used, they are immediately deleted.

Data is transferred in plaintext and over insecure HTTP. As a result, the application has several vulnerabilities. Someone on the local network would see all communication between a user's phone and the server. Anyone performing a man-in-the-middle attack, intercepting traffic between the phone and the server and modifying it, can read sensitive user information or frame a user by reporting incorrect file metadata to the authorities. Since the APK file's validity is not verified when updating, a man-in-the-middle attacker could also supply any APK they wanted to the application, which the user would be asked to update to.

The base and update servers are located at the domain http://bxaq.landaitap.com. This domain resolved to 47.93.5.238 in 2018, when the analysts wrote their report, and as of 2020, resolved to 117.190.83.69. Both IP address locations are in China. The update server is located at port 8081, while the base server is located at port 22222.
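
Because the traffic is cleartext HTTP to a fixed domain, ports and update path, and the working files have fixed names, the details above can be used to recognise the application in proxy logs or in a device file listing. The following Python code is an added example, not code from the analysts' report or from the application; the log line layout, the sample data and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators come from the article text; names and log layout are assumptions.
HOST = "bxaq.landaitap.com"
IPS = {"47.93.5.238", "117.190.83.69"}  # 2018 and 2020 resolutions
ROLES = {8081: "update server", 22222: "base server"}
APK_PATH = "/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk"
ARTIFACTS = {"/sdcard/JWWS/GA_AJ_JK_GXH.apk"} | {
    "/sdcard/JWWS/JWWS/shouji_anjian/" + n for n in ("jbxx.txt", "files.txt", "JWWS.zip")}

def classify_request(url):
    """Reasons a logged URL matches the traffic the article describes."""
    parts = urlsplit(url)
    if parts.scheme != "http":  # the article reports cleartext HTTP only
        return []
    reasons = []
    if parts.hostname == HOST or parts.hostname in IPS:
        reasons.append(ROLES.get(parts.port, "known host, unlisted port"))
    if parts.path == APK_PATH:
        reasons.append("update APK download")
        if "AJLY" in parse_qs(parts.query):
            reasons.append("AJLY parameter")
    return reasons

def triage_log(text):
    """Map client -> sorted reasons for lines of 'time client method url status'."""
    hits = {}
    for line in text.splitlines():
        fields = line.split()
        reasons = classify_request(fields[3]) if len(fields) >= 4 else []
        if reasons:
            hits.setdefault(fields[1], set()).update(reasons)
    return {client: sorted(found) for client, found in hits.items()}

def artifact_hits(paths):
    """Listed paths matching the four working files (deleted once used, per the article)."""
    return [p for p in paths if p in ARTIFACTS]

# Constructed sample data, not captured traffic; "/" on the base server is a placeholder.
SAMPLE_LOG = """\
2018-04-09T08:01:12 10.0.0.23 GET http://bxaq.landaitap.com:22222/ 200
2018-04-09T08:01:14 10.0.0.23 GET http://bxaq.landaitap.com:8081/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk?AJLY=650102000000 200
2018-04-09T08:02:40 10.0.0.31 GET http://example.org/index.html 200
2018-04-09T08:03:05 10.0.0.47 POST http://47.93.5.238:22222/ 200
"""
SAMPLE_LISTING = ["/sdcard/JWWS/JWWS/shouji_anjian/jbxx.txt", "/sdcard/JWWS/notes.txt"]

if __name__ == "__main__":
    print(triage_log(SAMPLE_LOG), artifact_hits(SAMPLE_LISTING))
```

The domain's address changed between 2018 and 2020, so the IP entries should be treated as dated. Since the working files are deleted once used, an empty file listing result does not show that the application is absent.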


Mandatory use

Police in China have reportedly forced Uyghurs in Xinjiang to download the application as part of a mass surveillance campaign on the eve of the 19th National Congress of the Chinese Communist Party. They checked to ensure that individuals had it installed on their phones, and have arrested individuals who refused to do so.


See also

* Green Dam Youth Escort, a similar but now discontinued content-control program
* Xuexi Qiangguo, the CCP auto-study app developed by Alibaba

