Hilary Osborne and Sam Cutler, the Guardian:
An investigation by the Guardian and international partners has found that travellers are being targeted when they attempt to enter the region from neighbouring Kyrgyzstan.
Border guards are taking their phones and secretly installing an app that extracts emails, texts and contacts, as well as information about the handset itself.
Tourists say they have not been warned by authorities in advance or told about what the software is looking for, or that their information is being taken.
Moritz Contag and Cure53 (PDF) published technical analyses of the Android spyware, which appears to dump a fairly comprehensive summary of the phone’s contents and user activity. Raymond Zhong reports for the New York Times that iPhones are connected with a cable to a box that performs a similar task. Presumably, this is something like a GrayKey.
This is obviously intrusive, and points to an increasingly urgent need to make mobile devices as secure as possible. There’s no reason why, in a more authoritarian world, capabilities like this would be used less. Why would China want to restrict this to its borders with just one country? Why would this be restricted only to China?