San Francisco | July 16, 2025
Chinese authorities are reportedly using a new surveillance tool called Massistant to extract sensitive data from confiscated Android phones, raising alarms among cybersecurity experts and travelers alike.
Core Facts:
- Developer Identified: U.S. cybersecurity firm Lookout says the malware was developed by Chinese tech company Xiamen Meiya Pico, a major supplier of forensic tools to law enforcement in China.
- How It Works: Massistant requires physical access and an unlocked phone to function, working with a desktop-connected hardware tower to extract data.
- Data Collected: The tool can pull text messages (including from encrypted apps like Signal), photos, audio recordings, call logs, contacts, and location history.
- Widespread Use Suspected: Forum posts in China suggest the malware is commonly installed during police interactions, particularly at checkpoints.
- No iOS Version Found Yet: While Lookout did not detect an iPhone version, promotional images on Meiya Pico’s website show iPhones connected to its forensic hardware.
- Legal Environment: Since 2024, Chinese police can search phones and computers without a warrant or investigation. Travelers may be compelled to unlock devices at borders.
- Forensic Trace: The malware leaves traces behind, meaning users can sometimes detect and remove it—though by then, data has already been exfiltrated.
- Background: Massistant is seen as the successor to MSSocket, another forensic tool previously analyzed. Meiya Pico holds a 40% share of China’s digital forensics market and was sanctioned by the U.S. in 2021.
- Ongoing Concern: Lookout tracks over 15 surveillance malware families linked to Chinese firms, calling it part of a “large ecosystem” of domestic spyware.
Context
The revelation underscores growing concerns about data privacy and surveillance in China, particularly for journalists, activists, and foreign travelers carrying personal devices.
