Security researchers warn that Chinese authorities are employing a new type of malware called Massistant to extract extensive data from confiscated phones. This includes access to text messages, chats from encrypted apps like Signal, images, location history, audio recordings, contacts, and more.
Developed by Chinese tech firm Xiamen Meiya Pico, Massistant is Android-based forensic software designed to extract data from phones physically seized by authorities. While it requires direct access to unlocked devices, it can pull vast amounts of personal data once installed. The malware reportedly works alongside a hardware device connected to a desktop computer.
Lookout, the mobile cybersecurity company that analyzed Massistant, found posts on Chinese forums indicating the malware is widely used by police forces in China. Users have reported discovering it on their devices after police encounters.
Limitations and Concerns
Lookout researchers couldn’t analyze the desktop component or find a version compatible with Apple’s iOS, though Xiamen Meiya Pico’s website hints at an iOS variant. The malware does leave traces on devices, appearing as an app or detectable through advanced tools like Android Debug Bridge. However, once installed, the data is already compromised.
Authorities reportedly do not rely on hacking exploits like zero-days since they often obtain phones willingly from individuals during inspections, empowered by China’s laws permitting searches without warrants.
Xiamen Meiya Pico holds about 40% of China’s digital forensics market. It has been sanctioned by the U.S. government since 2021 for supplying surveillance technology to Chinese authorities. Massistant is the successor to the company’s previous tool, MSSocket, analyzed back in 2019.
Lookout tracks at least 15 malware families linked to Chinese surveillance firms, highlighting a large and sophisticated ecosystem of spyware.
What The Author Thinks
Massistant’s existence underscores a growing concern about digital privacy and human rights in an increasingly surveilled world. For travelers and residents alike, the risks extend beyond mere device confiscation to invasive and persistent data extraction. The fact that such tools require physical access may offer some reassurance, but the broad use of these technologies without proper oversight or legal safeguards points to a troubling erosion of digital freedoms. Users should exercise caution and employ security best practices when crossing borders or interacting with authorities in regions known for aggressive surveillance.
Featured image credit: Gary Lerude via Flickr
For more stories like it, click the +Follow button at the top of this page to follow us.