Loading Now
A forensic company in China has successfully hacked Apple’s AirDrop feature, while the popular social media app TikTok is now obscuring hashtags.
A forensic company in China has successfully hacked Apple's AirDrop feature, while the popular social media app TikTok is now obscuring hashtags.

A forensic company in China has successfully hacked Apple’s AirDrop feature, while the popular social media app TikTok is now obscuring hashtags.

Recent findings of privacy flaws in Apple’s AirDrop feature and difficulties in tracking content trends on TikTok demonstrate the challenges faced by tech companies with connections to China when it comes to managing political sensitivities.

The initial scenario pertains to Apple’s AirDrop functionality, which utilizes Bluetooth and Wi-Fi to facilitate anonymous sharing of content between users of Apple devices who are in close proximity. This has posed challenges for law enforcement in monitoring the feature through traditional methods of internet surveillance, as it does not require an internet connection. However, according to an article by Yuanyue Dang for the South China Morning Post, the Beijing Bureau of Justice announced this week that a forensic company, Beijing Wangshendongjian Technology Co Ltd, has successfully bypassed AirDrop’s privacy safeguards. This has enabled the bureau to identify individuals accused of sharing “inappropriate speech” with subway passengers via AirDrop.

The bureau did not provide a specific date for the incident, but noted that Wangshendongjian examined the iPhone’s records and uncovered the sender’s mobile number and email address in the form of hashed values, some of which were concealed.

According to the article, Wangshendongjian utilized a “rainbow table” to crack passwords and extract enough data from the files to assist the police in identifying multiple suspects.

The article reported that since its establishment in 2020, the company, which is a subsidiary of Qi An Xin Technology Group Inc (QAX), has conducted 850 investigations primarily for “public security clients and criminal cases”.

According to sources from both QAX’s website and media reports from mainland China, the company offers services to law enforcement in multiple provinces. Wangshendongjian is part of a unit that specifically studies forensic methods for electronic devices. [Source]

In October 2022, the AirDrop function was utilized on the Beijing subway to distribute media regarding the Sitong Bridge demonstration. Prior to the White Paper protests in November, Apple discreetly limited the feature for Chinese users, requiring them to opt-in in order to receive files from non-contacts and restricting the feature to a ten-minute period before it automatically turned off. Under pressure, Apple eventually extended this restriction to all users globally. The AirDrop feature was also employed by protesters during Hong Kong’s pro-democracy movement.

Professor and cryptographer Matthew Green from John Hopkins University wrote a comprehensive blog post discussing the technical and political aspects of tracing AirDrop transmissions. He suggested that Apple was likely aware of this vulnerability since the feature was first introduced, and external researchers had already alerted them of it in 2019. While he proposed other methods for safeguarding privacy while using AirDrop, Green concluded that Apple may not have the incentive to implement these solutions due to potential backlash from the Chinese government.

Unfortunately, those of us who are not involved can only make assumptions about this situation. The reality is concerning: Apple heavily relies on China’s manufacturing and sales capabilities, making them susceptible to any backlash from the Chinese government. In the past, they have implemented measures that seemed to limit the use of AirDrop in China. While there is no concrete evidence for their intentions, it certainly raised suspicions.

Recently, the Indian government has been pressuring Apple regarding its notification to journalists about a series of attacks that were supposedly sponsored by the state. In response, Apple has significantly reduced the severity of its warnings. However, in comparison to China, Apple’s involvement and investments in India are relatively minimal, although this is gradually evolving.

Therefore, there is a valid concern regarding the potential political implications of Apple’s decision to enhance the privacy features of AirDrop, especially at a time when lack of privacy is being seen as advantageous by Chinese authorities. Although this attack may not be essential for law enforcement in China, the choice to address it could be perceived as a disrespect. [Source]

Apple has a well-documented past of giving in to the demands of Chinese officials in order to aid in their censorship and monitoring efforts. In the year 2017, Apple eliminated certain apps that allowed users to bypass China’s internet limitations, as well as news apps like the New York Times (NYT) App.

In 2018, Apple created a collection of fresh iPhones designed for the Chinese market, equipped with two physical SIM-card slots. This enabled more efficient monitoring of individuals by the government. Additionally, Apple granted physical jurisdiction of its Chinese iCloud system and Chinese users’ data to a state-owned enterprise in China. According to a recent investigation by The New York Times, it was discovered that Apple had also agreed to allow the Chinese government to authorize all encryption technology used by Apple in China and store it within the country.

In the midst of the 2019 pro-democracy demonstrations in Hong Kong, Apple took down a mapping app that was being utilized by protestors to monitor police movements. Additionally, they removed the news app Quartz from the Chinese app store due to its reporting on the protests. At the same time, the Taiwanese flag emoji was also removed from Hong Kong iPhone keyboards and other regions.

In 2019, it was reported that Apple and Tencent were collaborating to develop a list of banned websites for the Safari web browser in China. This list includes not only sites with malware, but also those with political content that the Chinese government considers damaging. In January 2023, Apple discreetly extended the implementation of Tencent’s website blacklist to users in Hong Kong, which included platforms like GitLab for sharing code.

In 2021, The New York Times conducted a study using data from Sensor Tower, a company that collects information on apps. The study revealed that approximately 55,000 apps, including 600 news apps, were no longer available on Apple’s App Store in China between 2017 and 2021. However, these apps were still accessible in other countries. 27 of the censored apps were focused on LGBTQ+ content. (GreatFire.org has developed a website to showcase the differences in available content on Apple’s App Stores in China, the United States, and other locations.)

In 2021, the Citizen Lab released a report on Apple’s censorship practices in various regions. The report revealed that in China, Apple may have gone beyond what is mandated by the government’s laws and regulations. This is in stark contrast to Apple’s reputation and interactions with law enforcement in the United States. The report also noted that the keywords used in Apple’s censorship lists indicate that even Apple may not fully comprehend the content they are censoring.

In October 2023, Apple made a decision to require developers to obtain a Chinese government license before their apps can be available on the Chinese App Store. This decision aims to close a loophole in censorship and make it more challenging for Chinese users to access both foreign and domestic apps.

During that time period, Apple terminated their show “The Problem with Jon Stewart” on Apple TV+ due to discrepancies in creative ideas surrounding China and other subjects proposed for the next season.

In the second scenario, TikTok is involved. According to Haleluya Hadero’s report for the AP, TikTok has covertly limited the access to a tool commonly used by researchers to analyze video popularity. Additionally, they have eliminated certain hashtags that are considered sensitive by the Chinese government.

The Creative Center on TikTok, accessible to all users but primarily designed for businesses and marketers, has removed the feature to search for particular hashtags, even harmless ones, in order to showcase the latest trends on the platform.

The social media company, which is owned by Beijing-based ByteDance, has also removed certain hashtags from the Creative Center that some online researchers had stored for analysis. They include topics that would be seen as controversial to the Chinese government – such as “UyghurGenocide” and “TiananmenSquare”- as well as hashtags about U.S. politics and the war in Gaza and Ukraine. The Center will now only allow searches for the top 100 hashtags by industry, the company said. [Source]

The Creative Center has been modified following the release of a report by the Network Contagion Research Institute in the previous month. The report revealed that there are considerably fewer hashtags related to Uyghurs, Tibet, Tiananmen Square, Hong Kong protests, and Taiwan on TikTok compared to Instagram. A TikTok representative referred to the report when explaining the rationale behind the changes and disagreed with its conclusions. The Cato Institute also raised concerns about the methodology used in the report.

Despite the validity of the report, TikTok’s alterations will create obstacles for researchers and legislators to examine content on its platform. The platform has a track record of censorship, particularly regarding topics that are deemed sensitive by the Chinese government. In 2019, leaked internal documents revealed that TikTok instructed moderators to censor videos discussing Tiananmen Square, Tibetan independence, and Falun Gong. Additionally, the platform suspended the account of an American teenager twice for sharing videos aimed at shedding light on human rights violations in Xinjiang.

In the year 2020, The Intercept uncovered confidential materials indicating that TikTok moderators were instructed to restrict political expressions and suspend accounts of individuals who threatened national reputation or mentioned government agencies like the police. Subsequently, the Australian Strategic Policy Institute released a study revealing that LGBTQ+ topics were suppressed on TikTok in at least eight languages and provided proof that TikTok manipulated content to censor posts exposing human rights violations in Xinjiang. In 2022, a technology expert discovered that TikTok still prohibited various terms related to LGBTQ+ issues and the name “Peng Shuai.”