Chinese Espionage

WeChat, DJI, Huawei, ZTE join list of Chinese technology banned by overseas militaries on security worries
By Celia Chen and Iris Deng

The WeChat application seen on an iPhone home screen on March 5, 2018.
Messaging and e-payment app WeChat has become the latest Chinese technology to be banned by an overseas military on security grounds, with Australia instructing its armed forces not to use it.
The country's defence department said the service did not meet its standards, although it did not directly link the ban to security concerns.
"Software and applications that do not meet Defence standards will not be authorised for use on Defence networks and mobile devices," the country's defence department said in an email statement. "Defence has a strict policy concerning the use of social media on its networks and mobile devices. Defence allows very few applications on Defence mobile devices. WeChat has not been authorised for use. "
Late last year the U.S. military banned the use of drones made by China's DJI, the world's largest maker of the devices, citing "cyber vulnerabilities." 

Other Chinese technologies have come under scrutiny, with a plan by mobile phone maker Huawei for a tie-up with US telecoms firm AT&T falling through under U.S. government pressure.
The Australian Financial Review newspaper reported last month that U.S. security officials had voiced concerns about Chinese involvement in the development of fast 5G networks in Australia. Also in January the US blocked the US$1.2 billion sale of money transfer firm Moneygram to China's Ant Financial, the digital payments arm of Alibaba, while in September Chinese-backed Canyon Bridge Capital Partners' US$1.3 billion bid for Lattice Semiconductor was rejected.
Analysts said the ban on WeChat for military personnel was in line with policies in other countries.
"It is obvious that Australia is standing on the same side as the US and follows its steps. The WeChat ban is more a political behaviour to show its support for the US," said Li Yi, chief fellow at the Shanghai Academy of Social Sciences.
"However, it is understandable that the Australian defence department banned staff from using WeChat on concern over messages being monitored by the Chinese government," Li said.
"It is the same story in most countries, where defence departments have to use authorised software. WhatsApp and Facebook are completely banned in China," he said.
WeChat, owned by internet giant Tencent, has 1 billion monthly active users globally. 

Tencent did not reply to requests for comment.

China's Espionage Tools

Foreign users are staying away from Chinese apps

By Viola Zhou

Chinese technology companies with global ambitions still share one common hurdle: they can not protect users’ private data, thanks to Beijing’s pathological internet controls.
From cellphone makers to social media platforms to photo-editing apps, Chinese internet products stir up privacy controversies when they tap overseas markets.
The latest to come under the spotlight is an app that applies virtual makeup on selfies.
Meitu has been popular in China for years with its parent company launching a US$630 million initial public offering in Hong Kong last year.
Its recent rise to fame in the west, however, was followed by media reports denouncing the beauty app selling people’s personal and phone information.
The company has refuted the claims, but knowing their data was being sent to China was enough to scare off consumers abroad.
“They have prejudices against China,” Meitu’s chairman Cai Wensheng said at a media briefing earlier this month. 

“Our company is in China. Of course our servers are based there.”
Meitu’s experience highlights a deep distrust in Chinese IT products among foreign consumers, especially as Chinese government continues to tighten its grips in the cyberspace.
To get past this global perception of the country’s censorship paranoia, analysts say mainland tech companies must try to commit themselves to more transparency, to win over the hearts and minds of overseas users.
Security concerns are not new to China’s tech sector, of course.
Telecom gears made by Huawei and ZTE were labelled national security threats by the US government in 2012, while phonemaker Xiaomi faced data privacy investigations in Taiwan and Singapore. 

New internet regulations issued by Beijing only added to the worries that mainland products pose privacy threats.
A controversial cyber security law passed in November requires internet operators to store internet logs for at least six months and provide “technical support” to any investigations involving potential crime or national security.
During the Meitu controversy, technology bloggers and security commenters based their accusations on a Chinese regulation issued in June last year requiring China’s app developers to verify users’ identities and save their activity logs for 60 days.

Both rules state they apply to those that provide internet services within China, without specifying how data from foreign users of Chinese companies is handled.
Foreign businesses said that such laws will be used to force tech firms to hand over data.
Joel Snyder, senior partner at US IT consulting firm Opus One, said western consumers remain worried that Chinese companies do not follow the moral code in protecting users’ privacy.

Spying for China

“US and European consumers know that the Chinese government has its hands in every software and hardware company and that there are numerous ways in which private information might be compromised in favour of the Communist Party,” Snyder said in an email to the South China Morning Post.

Heavy online censorship by Beijing has also hurt the image of Chinese tech companies.

The country’s most popular instant-messaging app WeChat was blocking keywords that Beijing deemed "harmful", according to a November study by the University of Toronto’s Citizen Lab.

Its parent company Tencent has insisted it "complies with" the local laws and regulations in which is operates.
Although the study also shows censors do not act on accounts registered with overseas phone numbers, people outside of China are concerned what they say to their friends on WeChat are filtered out and monitored.
Queenie Wong, 22, who works for an accounting firm in Hong Kong, said she uses Whatsapp and Facebook’s Messenger instead of WeChat to avoid censorship.
“Overall I’m not confident about mainland apps,” Wong said. 

“The Chinese government controls the internet. I don’t want my private information to be sent there.”
Wong’s concerns are shared by her family and friends.
In Hong Kong, Tencent used to give out freebies and have local celebrities star in advertisements to boost the popularity of WeChat.
But it has so far failed to beat Whatsapp, which promises that messages cannot be read by third-parties with its end-to-end encryption.
Some have taken action to address such concerns. 

Xiaomi in 2014 shifted some of its data on non-Chinese customers from servers in Beijing to those in the US and Singapore.
Its vice president Hugo Barra at the time said on his blog that the data migration “better equips us to maintain high privacy standards and comply with local data protection regulations”.
“This is a very high priority for Xiaomi as we expand into new markets over the next few years.”
Following the most recent accusations against Meitu, it issued a statement explaining how it uses customer phone data to track app performances and customise in-app advertisements.

Its chairman said the company is also considering setting up servers in Hong Kong and the US.
“We pay great attention to privacy,” Cai said. 

“If a company fails in this area, it will not be able to develop, especially when targeting overseas users.”

Internet experts say mainland tech companies can change the negative perception with stronger and more transparent security practices.
Lam Kwok-yan, cyber security researcher at the Nanyang Technological University in Singapore, says Chinese apps or mobile phones put their users at risk because they contain malware or fail to ensure secure data transmission.
Lam said to convince overseas users their products are safe, Chinese firms should adopt international security standards in developing the apps, testing them and handling user’s information.
Snyder also said mainland internet companies should exercise transparent security measures to gain the trust of western consumers.
“The key factor here is reputation,” he said.
“Chinese companies have made no great effort in building their reputation as developers and as trusted sources in US and European markets.”