Jingwang Weishi

Jingwang Weishi (Chinese: 净网卫士; lit. 'Clean Net Guardian') is a content-control mobile app developed by Shanghai Landasoft Data Technology Inc.[1] It is known for its use by the police in Xinjiang, China.[2][3]

Function

In 2018, a research team of analysts conducted a thorough report on Jingwang Weishi.[1]

When the application is first installed, it sends a request to the base server. The server responds with a JSON object containing a list of MD5 hashes, which the program stores in a local SQLite database.[1]

The application records the "essential information", as the program's code calls it, of its device. Specifically, the essential information consists of the device's International Mobile Equipment Identity (IMEI) number, MAC address, manufacturer, model, phone number, and international mobile subscriber identity (IMSI) number.[1]

Jingwang Weishi also performs file scans on the device. It looks for files with the extensions 3GP, AMR, AVI, WEBM, FLV, IVX, M4A, MP3, MP4, MPG, RMVB, RAM, WMA, WMV, TXT, HTML, CHM, PNG, and JPG. It then records specific metadata for each file, consisting of each file's name, path, size, MD5 hash, and the MD5 hash of the MD5 hash.[1] After the scan, the program compares the files' MD5 hashes with the database of hashes it received from the base server. Any files that match are deemed "dangerous". The user is presented with a list of the "dangerous" files[1] and is instructed to delete them.[3][4] If the user taps on the bottom-right button, a screenshot of the list is saved in the device's image gallery, in the format yyyy-MM-dd_HH-mm-ss.jpg.[1]

The application uploads device data by compressing two files named jbxx.txt and files.txt into a ZIP file named JWWS.zip. The jbxx.txt contains the device's "essential information". The files.txt contains the metadata of the "dangerous" files found on the user's device. If no files have been deemed "dangerous", files.txt will not be sent.[1]

The analyst team did not find any backdoor features built into the application. However, it does request for permissions when installed that could be used maliciously in future updates. Among other permissions, it requests the ability to start itself as soon as the system has finished booting. This permission is not used by the application, as it only performs its functionality when it is in main view. However, future updates could allow it to start and begin scanning the user's device right after it has finished booting, unknown to the user.[1]

The application updates itself by downloading newer APKs (Android app files) from another server. The application checks for newer versions every time it is loaded; it does so by comparing its current version with a version file located on the server. If a later version is found, the application will download it, open it, and prompt the user to install it. To download a new version of its APK, the application makes an HTTP request to the update server's URL using the syntax http://<update_server_IP_and_port>/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk?AJLY=650102000000, which performs a download of the APK file.[1]

The application also makes periodic requests to the base server to update its local database of MD5 hashes of "dangerous" files.[1]

The application creates four files during its lifecycle:[1]

  • /sdcard/JWWS/GA_AJ_JK_GXH.apk
  • /sdcard/JWWS/JWWS/shouji_anjian/jbxx.txt
  • /sdcard/JWWS/JWWS/shouji_anjian/files.txt
  • /sdcard/JWWS/JWWS/shouji_anjian/JWWS.zip

Once these files are used, they are immediately deleted.[1]

Data is transferred in plaintext and over insecure HTTP. As a result, the application has several vulnerabilities. Someone on the local network would see all communication between a user's phone and the server. Anyone performing a man-in-the-middle attack, intercepting traffic between the phone and the server and modifying it, can read sensitive user information or frame a user by reporting incorrect file metadata to the authorities. Since the APK file's validity is not verified when updating, a man-in-the-middle attacker could also supply any APK they wanted to the application, which the user would be asked to update to.[1]

The base and update server are located at the domain http://bxaq.landaitap.com[permanent dead link]. This domain resolved to 47.93.5.238 in 2018, when the analysts wrote their report,[1] and as of 2020, resolved to 117.190.83.69.[5] Both IP address locations are in China.[6] The update server is located at port 8081, while the base server is located at port 22222.[1]

Mandatory use

See also: Persecution of Uyghurs in China
Notice issued by the Ürümqi Government requiring mobile phone users to download the "self-check" software

Police in China have reportedly forced Uyghurs in Xinjiang to download the application as part of a mass surveillance campaign on the eve of the 19th National Congress of the Chinese Communist Party.[3] They checked to ensure that individuals have it installed on their phones, and have arrested individuals who refused to do so.[3][7]

See also

References

  1. ^ a b c d e f g h i j k l m n o p Open Technology Fund. "Jingwang Report" (PDF). opentech.fund. Archived (PDF) from the original on 2018-08-31. Alt URL
  2. ^ Cox, Joseph (April 9, 2018). "Chinese Government Forces Residents To Install Surveillance App With Awful Security". Vice Media.
  3. ^ a b c d Rajagopalan, Megha; Yang, William (April 9, 2018). "China Is Forcing People To Download An App That Tells Them To Delete "Dangerous" Photos". BuzzFeed News.
  4. ^ "An internment camp for 10 million Uyghurs, Meduza visits China's dystopian police state". Medusa Project. 1 October 2018. Retrieved 3 October 2018.
  5. ^ "DNS Checker - DNS Check Propagation Tool". DNS Checker. Retrieved 2020-08-30.
  6. ^ "IP Location Finder - Geolocation". www.iplocation.net. Retrieved 2020-11-12.
  7. ^ Ashok, India (July 25, 2017). "What is Jingwang? China's Muslim minority forced to install spyware on their phones". International Business Times.

Read other articles:

بنيامين كينيكوت

بنيامين كينيكوت معلومات شخصية الميلاد 4 أبريل 1718[1]  ديفون،  وتوتنس  الوفاة 18 سبتمبر 1783 (65 سنة) [1]  كورنوال،  وأكسفورد  مواطنة مملكة بريطانيا العظمى المملكة المتحدة  عضو في الجمعية الملكية  الحياة العملية المدرسة الأم كلية وادهام  المهنة كاهن أ...

 

Cyclone-4M

Ukrainian small-lift rocket Cyclone-4MFunctionCarrier rocketManufacturer Pivdenne (design) Pivdenmash (manufacturing) Khartron (control system) Country of originUkraineProject cost$304M (projection, $148M spaceport included)[1]Cost per launch$45M[2]-$60M[1] (projections)SizeHeight38.7 m (127.0 ft)[3]Diameter4.0 m (13 ft)[3]Stages2Capacity Payload to 200 km LEO (45.3°)Mass5,000 kg (11,000 lb)[4]Payload to 500 km LEO...

 

Município de Vernon (condado de Scioto, Ohio)

Município de Vernon (condado de Scioto, Ohio)GeografiaPaís  Estados UnidosEstado OhioCondado Condado de SciotoÁrea 91,43 km2Altitude 187 mCoordenadas 38° 44′ 02″ N, 82° 45′ 50″ ODemografiaPopulação 1 891 hab. (2020)Densidade 20,7 hab./km2 (2020)FuncionamentoEstatuto município de OhioIdentificadoresCode FIPS 39-79828GNIS 1086938editar - editar código-fonte - editar Wikidata O município de Vernon (em inglês: Vernon Township) é um município localizado no co...

Gunung Erebus

Gunung Erebus adalah gunung berapi aktif di Antartika. Gunung ini berketinggian 3794 meter di atas permukaan laut dan berlokasi di 77,5 LS, 167,2 BT. Erebus ditemukan pertama kalinya pada tahun 1841 oleh James Clark Ross dan mulai didaki pada tahun 1908. Gunung berapi ini telah terus aktif sejak tahun 1972. Nama gunung ini berasal dari nama Erebus, salah satu dewa dalam mitologi Yunani. Gunung ErebusGunung Erebus, 2014Titik tertinggiKetinggian3.794 m (12.448 ft)name=Puncak3.794 ...

 

Dvora Omer

Dvora Omer Dvora Omer en 1951.Información personalNombre en hebreo דבורה עומר Nacimiento 9 de octubre de 1932 Kibbutz Ma'oz, PalestinaFallecimiento 2 de mayo de 90033, 80 años Kfar Ma'as, IsraelNacionalidad israelíFamiliaPadres Moshe MosenzonCónyuge judaísmoHijos 3 EducaciónEducada en Oranim Academic College Información profesionalOcupación escritora, maestraAños activa desde 1955Distinciones Yatziv Prize (1959)Lamdan Prize (1968)Ministry of Culture Prize (Israel)&...

 

Source Music

Source MusicNama asli쏘스뮤직Nama latinSsoseumyujigJenisAnak PerusahaanIndustriEntertainmentGenreK-popR&BBaladaDance-PopDidirikan17 November 2009PendiriSo Sung-jinKantorpusatYongsan Trade Center, Yongsan, Seoul, Korea SelatanJasaProduksi musikPerizinanManajemen artisKaryawan21 (2019)[1]IndukHybe Corporation (Sejak 2019)Situs webOfficial Site Source music (Hangul: 쏘스뮤직) adalah perusahaan rekaman Korea Selatan yang didirikan pada tahun 2009 oleh So Sung-jin, Perusahaan i...

2023 Indonesia Masters

Badminton tournament in Indonesia Badminton tournament2023 Indonesia MastersTournament detailsDates24–29 JanuaryLevelSuper 500Total prize moneyUS$420,000VenueIstora Gelora Bung KarnoLocationJakarta, IndonesiaChampionsMen's singles Jonatan ChristieWomen's singles An Se-youngMen's doubles Leo Rolly Carnando Daniel MarthinWomen's doubles Liu Shengshu Zhang ShuxianMixed doubles Feng Yanzhe Huang Dongping ← 2022 2024 → The 2023 Indonesia Masters (officially known as the Daihatsu Indonesia Ma...

 

Mohammed Abdellaoue

Mohammed Abdellaoue Informasi pribadiNama lengkap Mohammed AbdellaoueTanggal lahir 23 Oktober 1985 (umur 38)Tempat lahir Oslo, NorwegiaTinggi 1,82 m (5 ft 11+1⁄2 in)Posisi bermain PenyerangInformasi klubKlub saat ini VålerengaKarier junior1997–2000 Hasle-Løren2001–2003 SkeidKarier senior*Tahun Tim Tampil (Gol)2003–2007 Skeid 86 (40)2008–2010 Vålerenga 67 (30)2010–2013 Hannover 96 80 (29)2013–2015 VfB Stuttgart 12 (1)2015 VfB Stuttgart II 4 (0)2015– V...

 

KZL

KZLPosterGenreDramaPembuatViu OriginalSkenario Edo Wahyu Fahreza Rizky Nur Farida Fathira Deiza Aldairubi CeritaVictor da CostaSutradaraEdo Wahyu FahrezaPengarah kreatifMonda Cakra GamaPemeran Julian Jacob Fathia Izzati Lagu penutupVirtual Connection — Julian Jacob dan Fathia IzzatiMusikAdityar AndraNegara asalIndonesiaBahasa asliBahasa IndonesiaJmlh. musim1Jmlh. episode13 (daftar episode)ProduksiProduser eksekutif Nickhil Jakatdar Arun Prakash Produser Irwan Ali Akbar Tania Hudoro Sinemato...

Agricultural History (jurnal)

Agricultural History  Singkatan (ISO)Agric. Hist.Disiplin ilmuSejarahBahasaInggrisDisunting olehAlbert WayDetail publikasiPenerbitAgricultural History Society (Amerika Serikat)Sejarah penerbitan1927–sekarangFrekuensiTriwulananPengindeksanISSN1533-8290LCCN2001-214619OCLC45905785 Pranala Journal homepage JSTOR Agricultural History adalah jurnal ilmiah yang ditinjau sejawat yang diterbitkan secara triwulanan oleh Agricultural History Society di Amerika Serikat. Jurnal ini didirikan pada 1...

 

November 1933 German parliamentary election

November 1933 German parliamentary election ← March 1933 12 November 1933 (1933-11-12) 1936 → All 661 seats in the Reichstag331 seats needed for a majorityRegistered45,178,701 (1.1%)Turnout95.3% (6.6pp)   Majority party   Leader Adolf Hitler Party NSDAP Leader since 29 July 1921 Last election 43.9%, 288 seats Seats won 661 Seat change 373 Popular vote 39,655,224 Percentage 92.1% Swing 48.2pp Government before electio...

 

Brett Brown

American professional basketball coach Brett BrownBrown in 2015San Antonio SpursPositionAssistant coachLeagueNBAPersonal informationBorn (1961-02-16) February 16, 1961 (age 62)South Portland, Maine, U.S.NationalityAmericanListed height5 ft 11 in (1.80 m)Career informationHigh schoolSouth Portland(South Portland, Maine)CollegeBoston University (1979–1983)Coaching career1988–presentCareer historyAs coach:1988Altos Auckland1988–1993Melbourne Tigers (assistant)1993–199...

Santa Clarita Woodlands Park

Open space preserve in Los Angeles County, California Santa Clarita Woodlands ParkTowsley CanyonShow map of Santa ClaritaShow map of the Los Angeles metropolitan areaShow map of CaliforniaNearest citySanta Clarita, California, United StatesCoordinates34°20′58″N 118°33′29″W / 34.3495°N 118.5581°W / 34.3495; -118.5581Area4,000 acres (16 km2)Governing bodyMountains Recreation and Conservation Authority (MRCA)WebsiteSanta Clarita Woodlands Park S...

 

Мікрокод

Мікропрограма (також мікрокод англ. microcode) — програма на спеціалізованій, апаратно-залежній мові програмування, що реалізує керування процесором в системах з мікропрограмним керуванням. Розробники процесорів надають програмістам набір програмно доступних операцій,...

 

Malcolm X (soundtrack)

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Malcolm X soundtrack – news · newspapers · books · scholar · JSTOR (May 2014) (Learn how and when to remove this template message) 1992 soundtrack album by Various artistsMalcolm XSoundtrack album by Various artistsReleased1992RecordedVariousGenreJazz, R&B, blue...

Diani Beach

Diani redirects here. For the cardinal, see Pietro Diani. Town in Kwale County, KenyaDiani BeachTownSunrise at Diani BeachDiani BeachLocation in KenyaCoordinates: 4°19′20″S 39°34′30″E / 4.32222°S 39.57500°E / -4.32222; 39.57500Country KenyaCountyKwale CountyTime zoneUTC+3 (EAT)WebsiteDiani Beach Diani Beach is a major beach on the Indian Ocean coast of Kenya (in eastern Africa). It is located 30 kilometres (19 mi) south of Mombasa, in Kwale County...

 

Kid Notorious

American TV series or program Kid NotoriousGenre Sitcom Black comedy Surreal humor Created byBrett MorgenRobert EvansAlan R. CohenAlan FreedlandVoices ofRobert EvansAlan SelkaNiecy NashSlashJeannie EliasCountry of originUnited StatesOriginal languageEnglishNo. of seasons1No. of episodes9ProductionRunning time22 minutesProduction companiesAlan & Alan ProductionsSix Point HarnessOriginal releaseNetworkComedy CentralReleaseOctober 22 (2003-10-22) –December 17, 2003 (200...

 

Ray Morrison

American athlete and coach (1885–1982) For the American football and baseball coach, known as Scooter, see Ray Morrison (coach). Ray MorrisonBiographical detailsBorn(1885-02-28)February 28, 1885Sugar Branch, Indiana, U.S.DiedNovember 19, 1982(1982-11-19) (aged 97)Miami Springs, Florida, U.S.Playing careerFootball1908–1911Vanderbilt Position(s)Quarterback (football)Catcher, Outfielder (baseball)Coaching career (HC unless noted)Football1915–1916SMU1918Vanderbilt1921SMU (assistant)192...

Thomas Bond (British surgeon)

For other individuals with this name, see Thomas Bond (disambiguation). Dr Thomas Bond Thomas Bond FRCS, MB BS (London), (7 October 1841 – 6 June 1901) was an English surgeon considered by some to be the first offender profiler,[1][2][3] and best known for his association with the notorious Jack the Ripper murders of 1888. Early life Born at Durston Lodge at Durston in Somerset in 1841, he was the son of Thomas Bond (1806-), a gentleman farmer, and Mary née Hearne (...

 

Sáta

You can help expand this article with text translated from the corresponding article in Hungarian. (December 2009) Click [show] for important translation instructions. View a machine-translated version of the Hungarian article. Machine translation, like DeepL or Google Translate, is a useful starting point for translations, but translators must revise errors as necessary and confirm that the translation is accurate, rather than simply copy-pasting machine-translated text into the English...

 

Strategi Solo vs Squad di Free Fire: Cara Menang Mudah!