Police forcing me to install Jingwang spyware app, how to minimize impact? (stackexchange.com)
Is this only being done in Xinjiang (https://thenextweb.com/asia/2017/07/25/chinas-forcing-its-ci...), or have the police expanded it to other parts of the People's Republic of China?

ETA: Apparently some tourists are being forced to install it as well: https://www.reddit.com/r/security/comments/8ofiiw/chinese_bo...

Also worth checking out the excellent ABC (Australia) multimedia feature on China's "social credit" system:

Social credit is like a personal scorecard for each of China’s 1.4 billion citizens.

In one pilot program already in place, each citizen has been assigned a score out of 800. In other programs it’s 900.

Those, like Dandan, with top “citizen scores” get VIP treatment at hotels and airports, cheap loans and a fast track to the best universities and jobs.

“It will allow the trustworthy to roam freely under heaven while making it hard for the discredited to take a single step.”

Those at the bottom can be locked out of society and banned from travel, or barred from getting credit or government jobs.

The system will be enforced by the latest in high-tech surveillance systems as China pushes to become the world leader in artificial intelligence.

Surveillance cameras will be equipped with facial recognition, body scanning and geo-tracking to cast a constant gaze over every citizen.


> ... with top “citizen scores” get VIP treatment at hotels and airports, cheap loans and a fast track to the best universities and jobs.

Like, come on. There is no possible way this won't be gamed to death. I can't conceive of this system ever working for more than 7 years, max. And then having people in the algorithmic underclass? Jesus. This is pretty much forcing a revolution to happen. Once you end up at the bottom, what do you have to lose? Unless there is a 'bankruptcy' mechanism, this is obviously doomed to failure.

this is like credit scores on steroids

Can we stop with argumentative and ultimately pointless comparison between the US and China.

For me what's astounding is:

"Lastly, nothing is transmitted from the individuals device to the receiving server over HTTPS — all in plaintext via HTTP — and updates are unsigned. This means all the data the app collects is transmitted to the unknown entity on the receiving end in a way that allows someone with a trivial amount of technical knowledge to intercept and potentially manipulate" [0]

Is there any reason besides incompetence why the app's developers would do this?

[0] https://www.opentech.fund/news/app-targeting-uyghur-populati...

Edited: formatting

It could be that further up the network they are dropping HTTPS packets, or that they plan to in future. It isn't unheard of to simply deny encrypted protocols at the ISP level for a period of time and I could see China doing this in some areas while simultaneously forcing common sites and apps to have functional unencrypted versions to minimise commercial disruption.

The EU found a way around that with "content filters" - basically anything you upload will be sent to a government controlled body for inspection. This works fine with encryption and there is no need to ban math.

> someone with a trivial amount of technical knowledge to intercept and potentially manipulate

You didn't seem to understand, the JingWang app was supposed to be the someone with trivial amount of technical knowledge to intercept and manipulate.

Is there any good reason why they wouldn’t do this? All the traffic is going over networks under control of their government. If some lone wolf spies on a few people or owns their phones, it doesn’t really matter to the developers.

plausible deniability? that way if you get hacked by the govt, they can blame it on cybercriminals or western intelligence agencies

Also cost.

Cost of what, exactly? A (free) TLS certificate from Let's Encrypt?

I'm guessing that when you start snooping on the everyday mobile activity of 1.3 billion citizens you hit the kind of scaling problems that usually only Facebook and Google see.

Considering China records and stores millions of hours of video data among other things they are probably getting pretty good at snooping.

There's probably (simple/cheap) ways to overcome that, but I see your point.

Cost of servers to handle millions of TLS connection initialisations and HTTPS stream decryptions, versus simple plain-text streaming...

TLS isn't the only option, though. You could use TLS on setup to share a pre-computed secret between the device and the remote server, then bin the TLS connection. After that, encrypt and forward over HTTP.

Laziness isn't an excuse.

FYI, the mechanism you describe is (essentially) how TLS works...

Could be a "pragmatic" way for multiple governmental agencies to deliver payloads and collect data.

>Is there any reason besides incompetence why the app's developers would do this?

Well... cheap shot maybe, but it's Android. People are always hating on Apple for having security checks and rules. Android, on the other hand... how did Sundar Pichai put it? "We prioritize openness over security," something like that.

Openness does sound good but positioning it as a tradeoff with security bothers me. Having both would be good.

I'm wondering how this is or will be handled on the Apple platform. When that information comes out, I'm not expecting it will make Apple look good, since they have said they will follow the law (no matter how bad the law is!) wherever they sell their devices. If following the law means allowing a spyware app into the App Store, and they do this, I'll have to reevaluate my expectations of privacy for using Apple devices.

> Openness does sound good but positioning it as a tradeoff with security bothers me. Having both would be good.

Letting people write and install whatever program they want necessarily includes letting them write and install shitty programs.

Yes. I can write and install any shitty program I want on my Apple device. No problems there.

But when it comes to other people's devices, those other people probably want a say in who the device is open to and when, and for what purpose. Apple helps make it possible for them to have a say.

While I am free to install astoundingly shitty software on my own iPhone/iPad/Mac, Apple makes it difficult for me to install shitty programs on other people's Apple devices without their knowledge or consent.

Seems like a reasonable way of doing things. Open for your own device, and others get to decide for themselves what they are open to for their devices.

How are you free to install software on your own iPhone or iPad when you need a developer account to get a signing certificate to install your app on your own phone?

With a developer account.

And yet Google blocked the app I built while Apple let it pass.


Which app was that?

I would prefer not to say as, after some difficulty, I was able to reach someone at Google, provide necessary details and get approved to resubmit -- but the app name is now locked so I need a new one

Yes, that was a very cheap shot. It's not Android's fault that China is forcing crappy spyware on users

I wouldn’t say very. Didn’t Fortnite bypass the Play Store by using a direct/side-load install? Those things can only be done with design level decisions being made in a product.

That was to avoid giving Google a cut of in app purchases.

Definitely, I meant that they were only able to circumvent the Play store because of the settings/admin/root access etc intentionally left open by the core product team.

To clarify, the article doesn't mention that they were stopping iPhone users to install the app, only Android. I'm not too familiar with the method/tech though. If by design, Android had a more closed ecosystem, they couldn't force it so casually. I'm personally not a fan of that approach, but could see the benefits when under this type of government.

Cheap shot indeed. The decision to use HTTP over HTTPS is unquestionably impartial whether it's implemented for an Apple or Android device.

Unsigned updates? Sounds like it would be relatively easy to disable (in addition to being a vector for malware)

Maybe this is the point? Make the first round of malware easy to circumvent so as to "entice the snakes out of their caves?"

The police would just come round again if they stop getting data.


> Yeah, let's pretend there's no point in opposing an authoritarian surveillance state and simultaneously express dismay that this invasive software is poorly designed.

Are you describing China or America? Maybe Russia?

Reading stuff like these always makes me so sad about Chinese people. Guys just like me, who like fiddling with computers and just want to be happy have to live in this totalitarian nightmare. I know it sounds silly to care about this stuff when probably there are much worse things happening in China, executions and stuff. But from my ignorant POV, tech is the one thing I can relate to.

At the same time it makes me feel lonely. I would love to be able to help them in some way, but I can't.

This is in Xinjiang region.

Muslim minority (but majority in Xinjiang, more or less resisting forced assimilation). Regular Han people don't really have much sympathy for them, and since China is nowadays an ethnostate, the state won't care either.

They would not currently attempt to do this in Han cities.

What are the benefits & liabilities to both installing and to circumvention?

What I mean is that China is known to jail political dissidents (and/or lower their social score which has negative implications, like limiting travel), so you have to weigh the risks of being viewed negatively via the spyware's information leakage with the risk of getting caught circumventing. For example one could only be a lower social score, while the other could literally be jail or "disappearing."

It might sound like an immoral question, but you really have to weigh the potential risks of doing what that thread asks. I won't give people advice on circumvention not because I agree with the Chinese government (I don't!) but because I don't want to be partly responsible for a Chinese dissident getting caught and "punished" for the attempted circumvention.

In my view, there is a case for civil disobedience. However, if you are going that route, then you should be prepared for (and possibly even welcome) the consequences. Your goal should be to draw attention to the problem and put pressure on the government to change its laws.

This tactic is very good if the government is likely to respond to that kind of pressure. Gandhi and his followers risked death for their actions. Gandhi referred to them as "soldiers" because, even though their battlefield was political, the consequences were the same. Through the horrific deaths of the disobedient, the British government was forced out of India. Before you engage in an act of civil disobedience, you need to understand the playing field. For India, Gandhi surmised (and was correct) that the result would be as inevitable as the losses, and people willingly sacrificed themselves for the cause. This will not always be the case (and I would be very much surprised if it is the case in China because there is very little pressure that can be effectively applied to the Chinese government, whether inside or outside of the country).

So if civil disobedience is not the goal, what is the point of trying to work around the spyware? Obviously to avoid being spied upon. But it's important to understand that it is breaking the law. It makes you a criminal -- with all the downsides that can bring. It doesn't matter whether it is moral or not. Being punished for breaking the law is an incredibly wasteful thing to do from the perspective of trying to make the country a better place, if you are not going the civil disobedience route (and hence using your punishment as a strategic weapon against the government).

So what can you do? Possibly nothing except wait. Fighting and losing may be valiant and courageous, but it's also ineffective. Wait until you can make a difference. Prepare, and plan and store all your energy for the one time where you can succeed. If it doesn't come in your lifetime, then prepare the next generation to wait. Nothing is forever.

And if you want to know how to communicate: never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. As the top reply on SE currently points out, make your cellphone squeaky clean and ensure that there is a lot of normal data on it (i.e. use it like a normal person). Communicate secret things in a different manner.

what you're advising is literally almost impossible to do today and will just get harder to do as time goes on. all it takes is one person on your social graph texting/emailing/sending you the wrong thing and you'll be flagged.

if a panopticon exists, the only way to live a normal life is to avoid it by bypassing it. there is no other option unless you refuse to interact with suspicious people who don't follow your "different techniques". in which case the government succeeds anyways in their efforts to chill disobedience

This just makes it obvious what smart phones are in a world where people pretend otherwise because they're so damn useful.

They are tracking and spying devices. It's implicit in the idea of a 'cell'. When you carry a cell phone you are being tracked. No matter what is going on in the software side of the phone you have ostensible control over you don't control the baseband modem and certainly not the basestations doing multilateration with their super precise clocks. And it's going to get worse with the proliferation of micro and nano cell basestations as well as massive MIMO beamforming at regular ones.

How to minimize impact? Not possible. Once the device is compromised, there is no going back, it is time to stop using the phone for any "questionable" behavior you do not wish Big Brother to record. The only real solution is to live in a place where police do not force you to install spyware.

And do not name your phone "tiananmen square massacre 1989"


Fire Torch Oil lamp Candle flame Blood Democracy Autonomous Twitter Six four Eight nine Eight eight Tank May 35 35 Six Four 64 June Jun+4 Thirty-five Twenty-four Six+four Six 4 6 four

I'm curious what happens if you use a phone that's incompatible with the app. Do you get a free pass, or is China going to only allow the use of compatible devices?

I thank my lucky stars every day that Samsung has still yet to figure out how to port their security rootkit to OSX. Getting into and out of Digital City is already horrendous enough as it is, I don't need software spying on me forever until I format my machine.

Since there are (were?) viruses that can survive a HD format, I wouldn't trust a simple format against a state agency spyware.

I should have been more clear.

If you want to get into most any Samsung building in the world and especially their global HQ in Suwon they make you install their security shit on any Windows laptops you've got. It blocks USB ports, prevents you from connecting to anything but corporate wifi, and disables any cameras amongst other things.

Once your business with Samsung is done you can email someone (And I think it's literally only 1 guy for all of global Samsung) and in a couple weeks they'll email you a one time code tied to some kinda hardware ID that you can use to uninstall the software from your machine.

I've got no reason to believe that Samsung is in cahoots with a nation state for any nefarious spying, I just resent being treated as a would-be criminal.

That being said if you visit a Samsung office in China, just bring burner tech and throw it away before coming back.

>Once your business with samsung is done you can email someone (And I think it's literally only 1 guy for all of global samsung) and in a couple weeks they'll email you a one time code tied to some kinda hardware ID that you can use to uninstall the software from your machine

...or restore a full disk backup? actually, come to think of it, what's preventing you from playing along and installing their security rootkit, then reimage/reinstall os/swap hdd/switch boot partition once you get in? unless they can overwrite your computer's firmware and prevent it from being modified, it's trivial to remove the rootkit.

Literally nothing, it's all 100% security theater for anyone that takes a minute to think through attack vectors.

The only technology they make you declare while entering into the building/campus is the technology you want to take out.

So to exfiltrate data all you'd need to do is buy a burner phone, not declare it when entering, acquire whatever data you're stealing, use the burner to email it to yourself or w/e, then just ditch the phone before you go back out through security.

There are body scanners and x-ray machines checking people, but only going out, not in.

If rootkits stay on HDDs, yes. But they don’t. There are hundreds of firmware locations on a machine. Many of them are known to be hackable. So it isn’t unthinkable that a wipe of a HDD will not be sufficient to thwart a state level actor.

I came to a Samsung office in Suwon with a MacBook. Wasn’t forced to install anything, but, in order to use their network and 3rd party exchange site, I did have to install that tool on my Win VM. Should have just made a snapshot of VM image before doing that, and then it’d be easy to roll back.

I was more shocked by airport-style scanning security at the entrance and exit, forcing everyone to seal usb drives and phone cameras.

They also run active countermeasures, like deauthing any SSID that isn't one of their own, so no hotspotting. Gotta do it over Bluetooth or a USB cable.

If you find yourself there again make sure to ask whoever is hosting you for VIP status. Supposed to only be Director and above, but it's an absolute game changer as far as the hassle getting in and out every day and I've managed to get it a time or two.

Firmware backdoors are alive and well.

Which software from Samsung are you referring to?

1. Don't try to circumvent with software, they have more experts than you. If you get caught it's likely jail.

If you really need some app that they monitor install an Android emulator on your PC.

Or get a phone where their app won't work, like one with Ubuntu or Sailfish OS.

If that works, then it should work to have a different Android profile or use an environment isolation app such as Island or Google's Test DPC. I think there's another new one in the F-Droid store, too, now.

Emulators can be detected.

I'd suggest extracting their binary and seeing how it works. It quite possibly is badly written, with no code update. May be fixed functionality, unable to detect rootkits etc.

I'd sell the smart phone. Then buy a dumb phone.

It's likely that all dumb phone traffic is already monitored in China (so be careful in phone conversations / text messages), but yeah, if you want your personal files kept personal don't carry them on a mobile or otherwise internet connected device.

Oh dear oh dear oh dear. I can't imagine the Chinese government is going to be terribly happy when they find out about that post. I do hope the poster ends up ok.

This makes me wonder, if there was a question about how to break US law, whether that post would be allowed to stand?

I suppose if it was informational, then it might be OK. But seeing how the government has gone after Backpage and other similar sites, I think anything that aids and abets it would be shut down.

I think there's questions about how to deal with US border security, given how they have special laws that apply to them allowing them to hold you into custody until you give up e.g. encryption keys to your hard drive. They don't advise on how to break the law, they advise to not bring personal data across the border and use a VPN to retrieve it from wherever you're coming from.

There are about 200 countries in the world, and laws vary even inside those jurisdictions.

This doesn't seem like a problem with a technical solution. If he slips up and gets caught, that alone might be enough to send him into a Xinjiang concentration camp.

Some of my libertarian tech friends like the idea of more encryption and decentralisation to resist what they perceive as increasingly oppressive governments, but I'm confident that this tech-first approach can never work. A truly oppressive government can easily outlaw these things and identify the users, and they'll be the first to disappear.

There's already laws popping up left and right that you get x years in jail (or are just detained indefinitely) if you don't unlock your digital devices or hard drives. The logic being if you have nothing to hide, etc. It's a direct violation of the self-incriminating constitution thing, but there's lots of attempts to talk around that one.

This has already begun.

How is China handling iPhones: is there any equivalent to this app? Will they ban iPhones in some sensitive locations if the phones can't be breached?

AFAIK iPhones don't allow spyware apps to gather most of the data the Android app does.

iPhones are very expensive, so most people are not buying them. They can still read everything you post, every SMS, your location, and everything you send to an informant or someone using an older Android. Most comms are blocked -- no Signal or WhatsApp, just Weibo. It's nbd.

I would guess Apple works closely with China and provides special software releases for Chinese devices, probably with spyware embedded.


When I read the question (and almost answered, but the answer would have been too similar to another one), I was so surprised that anyone can suggest anything beyond "Do. Not. Do. It".

Having as the adversary a state is a game changer and there are a few people who have the knowledge to imagine a strategy. Suggesting anything to someone who has no idea about security is simply unethical, given what is at stake.

My phone is made in China, from a Chinese manufacturer. How can we know this software isn't either pre-installed or installed via OTA updates?

You can't. Hence the problem with using ZTE or Huawei etc.

You can't really, which is what got HTC into major trouble (iirc).

HTC are not a Chinese manufacturer

People are over simplifying this.

China is an authoritarian surveillance state? Yes.

But that only scratches the surface of a deeper problem within. I think China is just a case of policies easily influenced by lobbyists, and gets executed very efficiently

This contributes much to China's economical success, as well as its (possible) demise.

Reminds me to never go to China. What a nightmare.

It usually isn’t bad unless you live there. As a tourist, you’ll hardly feel like you are in a police state (quite the opposite, it can be quite chaotic and free wheeling as long as you don’t go near politics). Ya, the internet will suck while you are there, but the food is great and there is a lot to see. IMHO, you would feel more repressed in a place like Singapore than the PRC.

If you are going to Xinjiang or Tibet, things start to get weird. Both are really nice places to go, but the logistics are complicated and you’ll feel much more repressed. I went to northern XJ in 2006 before the 2008 riots, it was absolutely stunning and a great place to tour. I also visited the Tibetan part of Sichuan and Yunnan, equally awesome, you are really missing out if you never see it! The Tibetan areas outside of Tibet are easier to get into for foreigners, well at least they were back in 2004. China is getting more closed than it used to be before the Olympics, that’s for sure.

> As a tourist, you’ll hardly feel like you are in a police state

Especially if you can't read the propaganda posters.

> Ya, the internet will suck while you are there

Protip: bring a phone with a foreign international data plan. The packets will be routed over the phone network to your home country and bypass the Great Firewall.

Even if you can read the propaganda banners (posters are rare, banners with slogans are more common), it comes off as weird and novel rather than personally oppressive.

I thought that only applies to HK phones, but I have never tried!

I can confirm that Google Fi and T-Mobile data get routed back to the US from mainland China. Location services always think I'm in California.

Not sure why you’re being downvoted, but that’s exactly what I’d say too. In terms of day to day life, it feels more free in many ways. Alcohol is sold freely, small merchants set up on the sidewalk, traffic laws might as well not exist, and nobody will hassle you for spitting on the ground. Of course, you have to spend hours screwing around with VPN software just to read the New York Times, and some of this freedom for other people ends up curtailing your own, like when people burn a shitload of dirty coal with no filters and make it hard to breathe outside. But you certainly don’t feel oppressed as a visitor when you’re not online.

Don't consider a mobile phone to be a secure device.

Only if you completely "own", manage, and trust all suppliers can you say that you even know the scope of trust to associate with your phone. This is not possible on even a "rooted" phone without the software due to the baseband being non-free and non-audited.

It is China's fault, not Android, because if you travel there, your iPhone will be checked too.

Same in the US, they have laws that allow them to detain you if you don't let them search your digital devices.

It would be interesting if someone posted the APK, it's Android so it wouldn't be a big issue to crack it and make it only seem like it works.

1. Install multiple ROMs on your device.

2. One of the ROMs would, essentially, be a dummy device which would have the Jingwang spyware as enforced by gun.

3. The other ROMs would not.

And then what do you do when you have the wrong ROM running and you get grabbed by the police with no opportunity to reboot your phone? There are mitigations but getting this right requires a high amount of vigilance.

I mean, I see so many solutions to this posted there. Dual Boot Rom, Sandbox etc.

How about carrying two phones?

Can easily be found by a search, so it carries the same, if not greater risks, as the other "dual" solutions.

The question says they can't afford two phones.

"I can't afford two phones nor two contracts, so using a second phone is not a viable option for me."

Sounds strange. A 100 Dollar phone plus a prepaid SIM?

I actually never heard that the Chinese police forces spyware on your phone, except if you are a Muslim.

Welcome to the developing world, where the average monthly salary in major cities is lower than $1,500/mo and in minor cities is often sub-$400/mo and a $100 phone is an incredible luxury out of reach of many.

Yeah. Sure. Explain this to me, as a person living in China.

If you have barely enough money for one 100 dollar phone, you won't afford two of them.

Has anybody made a custom android that sandboxes this app and feeds it wrong information?

I hope Chinese party collapses.

If a large illiberal and totalitarian state can succeed and thrive then I fear our own nations will soon follow that path.

Please do not take HN threads into generic national flamewar. This is off topic and never ends well.

While I agree it probably never ends well, this is hardly off topic in this case.

I see your point. There's a subtle assumption in what I said that was probably unclear, so I'll try to explain.

Generic discussions, especially generic flamewars, lead to the same things being said over and over. These topics are important and people feel very strongly about them, and because their passions are so engaged, they stride into the threads with tried-and-true weapons (talking points, prepared statements, and so on) to smite the other side with. The other side responds in kind, and off into battle we go.

In addition to being violent by internet standards, such discussions are also predictable. That's where the point about off-topicness comes in. Predictability is what this site exists to avoid; its core value is intellectual curiosity (see https://news.ycombinator.com/newsguidelines.html), and that lives at the opposite end of the topic spectrum. So when I say that an argument like this is off topic, I mean it's off topic for Hacker News as a whole, even if it's related to the story at hand.

Tons more explanation of this can be found via https://hn.algolia.com/?query=by:dang%20generic&sort=byDate&... if anyone wants it.

A dinosaur can do a lot of damage as it falls, unfortunately.

The more that China enforces the social credit system, the less worried I am about competition from China. Stagnation is the end result.

The damage it can do in the meantime is incalculable.

I really blame China for the shift away from libertarian thinking and toward both right and left authoritarianism.

The old argument from libertarians was that freedom and modern prosperity are a package deal. Take away freedom and you get poverty, corruption, and stagnation.

That seemed mostly true until the Chinese "miracle." China seems to be proving that you can have prosperity without freedom or human rights. You can allow some amount of freedom in certain select areas, and that's all it takes.

That has in turn opened the door for a whole host of fundamental challenges to freedom and human rights in the West.

I tend to agree, but I’m not optimistic. Historically, the sort of liberal, open society we see in “the west” is an aberration. If there is a causal factor between liberal, open societies and prosperity, it doesn’t seem to be particularly critical. People like to point to the fall of the USSR and the endurance of its former enemies as evidence that these societies are inherently more likely to succeed, but looking farther back in history, I’m inclined to think that was an anomaly.

I’d very much like to be wrong, of course.

This is my worry too.

I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet. Yes, the five eyes nations are actively trying to backdoor crypto, and there is a lot of bullshit going on, but you don't need a license in North America to operate an http daemon. In China you do. The GFW is no joke, and they are seriously trying to bifurcate the Internet.

This sentiment trivially reduces to, "everything the US does is fine until it's the most oppressive presence on the internet", which probably isn't what you mean.

The US flexes a lot of political muscle to enforce copyright restrictions, maintain secrets, and expand surveillance around the world. That may not be as oppressive as China, but on a scale from "free" to "China", it's still in the "China" half.

"This sentiment trivially reduces to, "everything the US does is fine until it's the most oppressive presence on the internet", "

No, it doesn't. It means that people who think the US (or the West or whatever) is somehow uniquely evil have an incorrect view of the world and will have incorrect actions in the future as a result. That the US is screwing up doesn't mean that other places aren't screwing up worse. It also means that it isn't only the US screwing up, so if you start arranging your protests and rhetoric and such based on that theory you're going to get played by people who will quite happily play the part of "good guy" for you right up until they close the trap. It also means you may miss allies in the fight, like this guy. There is no way in which incorrectly thinking that the US is the worst or uniquely bad is a good idea.

I believe the US is worse than the HN gestalt thinks it is... but China is absolutely worse. It's a preview of where we're headed if we allow people to convince us that we are obligated to hand more and more control over to the government to solve every last possible problem, up to and including hurt feelings.

> I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.

Not “uniquely evil.” I think if he’d said what you’re shifting the goalposts to, it would have been an unremarkable comment with few if any replies. He didn’t say that though, and what he did say was very clear and didn’t leave wiggle room for the hyperbole you’re trying to inject.

The actual quote the person you’re responding to was addressing justifies what they said, insofar as it ...trivially reduces to, "everything the US does is fine until it's the most oppressive presence on the internet". That’s a fair summation of using China as a diversion when people claim that the US is “...An oppressive presence on the internet.” Responding to people who claim that it’s worse than China, or “uniquely evil” is an entirely different conversation no one here was having.

It's not fair to say that the US is close to China in this regard. There are no private or encrypted chat apps available in China. Everybody uses WeChat, which is actively surveilled. It's not uncommon for "private" group chats to be shut down if they talk about sensitive topics. You need a license to run a website inside China. If HN ran inside China, our accounts would be linked to our identities, and we wouldn't be having this conversation.

Consider also the bigger picture. There is no rule of law in China. That guy who is being forced to install spyware on his phone is probably in Xinjiang, where hundreds of thousands (and maybe over a million) people have been detained without charge and on no legal basis. Conviction rates are extremely high because trials aren't fair. Lawyers and activists disappear. Torture and forced confessions are common.

> There is no rule of law in China.

This is the one sentence that everyone on HN must remember when we get into debates about who is better/worse/trump/xi/etc.

In China, you have no rights. There is no recourse. There are no promises made by the state to protect you. This is because of China’s situation where it needs a strong central state to maintain control of the distant provinces and keep from fragmenting, but that is another debate in and of itself.

The US has screwed up horribly many times, for sure, and is not perfect. But here and in many other countries you are innocent until proven guilty and have the ability to take the state to court to fight a decision you disagree with or feel is unfair.

Not only that, but there are significant parts of US jurisprudence that impact people's lives every single day that are the explicit result of citizens winning against the state in court.

Absolutely - and thanks for pointing that out. There’s the same in the UK, Germany, France and many others too.

Nonsense false equivalency.

Yes, in terms of implementing secrets & National Security-related spying there is overall parity, with the US probably a bit ahead of China & Russia.

But in terms of being an average citizen, it is night and day. At least for now, the US is an active open democracy, with a large majority of citizens actively engaged in maintaining the governmental and extra-governmental institutions that maintain democracy, e.g., independent judiciary, co-equal branches of govt, elections, independent journalism, free speech, etc. Even though these are imperfectly implemented and under threat by the current administration (w/increasing evidence of significant compromise by Russia), the US remains overly in the OPEN and FREE column.

In contrast, China is a straight-up autocracy, and it is openly working to ensure its citizens do not even know their own history (e.g., Tiananmen, Tibet) or current news (e.g., Uyghurs), and have no capability to independently either obtain accurate information, or to organize to respond appropriately if they can somehow get it. And of course the spyware topic of this article, where ordinary citizens can get stopped on the street for failure to install.

This is little different than "May I see your papers please".

Russia is not far behind.

To falsely equate these regimes and their surveillance & interference levels is tantamount to propaganda.

There are interesting discussions to be had about the similarities and differences between China and the US, but saying that "the US is an oppressive presence on the internet" is not without merit. All that is left is disagreement on the relative impacts.

The reasonable people who make that argument are also the important vocal watchdogs who provide the friction against further abuses of power. They shouldn't be casually dismissed just because there are worse governments in the world.

No, it is not merely a difference in degree.

It is a wholesale difference in kind/type.

NatSec ops constrained by a robust constitution implemented by an elected govt, with different co-equal branches, including a court system with centuries of experience & tradition of protecting privacy of citizens from the beginning -- one of the principles on which it was founded (see 2nd, 3rd, 4th Amendments for starters), and a vigorous tradition of free speech and free press is one side.

The other is an unelected totalitarian govt with a tradition of actively murdering its own citizens to consolidate single-party political power, decades (China) or centuries (Russia) of manipulating information to the people, zero free press with active suppression, and active programs in both the civilian and military hierarchy to restrict information and spy on the people.

To even remotely equate these systems and the threat they pose to the people is to either 1) deliberately grossly misrepresent the situation, or 2) display profound ignorance of the issues.

If you want to recognize that there is a vast difference of type and then go on to discuss how the US might be better about what they do, that can be a fine discussion. But the land of 'they're all the same just different degree' is so far from reality as to render discussion useless.

> NatSec ops constrained by a robust constitution implemented by an elected govt, with different co-equal branches, including a court system with centuries of experience & tradition of protecting privacy of citizens from the beginning -- one of the principles on which it was founded (see 2nd, 3rd, 4th Amendments for starters), and a vigorous tradition of free speech and free press is one side.

When I think of the FISA court I don’t exactly think of “different co-equal branches, including a court system with centuries of experience & tradition of protecting privacy of citizens from the beginning”. The FISA court is literally a non-adversarial court.

I think the US court system is one of the best designed in the world. But please don’t pretend that the well-developed standard court system is anything like the secret and unaccountable national security court system.

Perhaps you don't think of FISA as a system that protects citizens, but that does not mean it is not so.

You might notice that you're already off in the weeds of international National Security issues and nowhere near the problems of what Russia, China, Iran, etc. are doing. So our system is already fundamentally different.

Then, you might notice that you are completely erroneous about FISA accountability. It is accountable to both higher judges and to Congress -- see the original authorizing act and H.R.2586 in the 113th congress on increasing FISA accountability.

Yes, the FISA courts which deal with national security level secrets are different from open courts, and the accountability has been lax. But if there is any "pretending" here, it is that somehow because FISA courts exist, we're somehow on the same plane as totalitarian and criminal states.

For starters, the FISA court EXISTS, and does turn down requests. Here, there EXISTS a court system requiring evidence, arguments, and warrants.

It may be imperfect, but there is no such structure whatsoever in Russia, China, Iran etc. -- if they want to spy on someone, foreign or domestic, they just do it.

Again, there's a basis for discussion of how the US, EU, and FVEY countries could do it better.

But there is no basis for discussion with a simplistic and/or propagandistic false equivalence of the open liberal democratic countries and totalitarian regimes.

> Even though these are imperfectly implemented and under threat by the current administration

The current administration is providing one of the greatest demonstrations in US history of just how different the US is from the Russias and Chinas of the world.

Freedom of expression, freedom of speech, freedom of press, is working well given the intensity of the atmosphere in question.

There are routine demonstrations against the administration all over the country, they're not being broken up by thousands of government thugs with clubs and guns, which is what you see in Russia, China and Iran.

A solid 90% of all media is entirely stacked against the administration. Celebrities are openly calling for the President to be coup'd, killed, or otherwise just 'taken out.' Even the media has joined in on that at times. The so called deep state (a collection of entrenched, powerful bureaucracies within the government) have been openly acting against the administration at every turn. And come the post mid-terms - which clearly the Democrats are going to retake the house in - there are going to be approximately a thousand investigations.

Despite the cynics' proclamations, and the current cultural insanity (we've seen it before, the late 1960s and 1970s were far worse), the US system is functioning amazingly well. The current administration has accomplished almost nothing of what it would like to do, and will be a lame duck in a few months. In 2 or 6 years, there will be another administration, and that's that. Life will go on, just as it did after LBJ, Nixon or Bush.

There's nothing even remotely comparable to this in Russia or China, and there never has been.

> A solid 90% of all media is entirely stacked against the administration.

No, it's not. The leading dedicated TV news network with about 45% of the audience of that media form is completely and unabashedly cheerleading for the Administration, and not even trying to pretend otherwise, as are major outlets in every other form of media. The idea that 90% of the media is hostile to, or even just not overtly shilling for, the Administration would be amusing if it didn't derive directly from the persecution-complex reinforcing propaganda those same media shills use to keep people locked into their propaganda bubble.

In fact it is true. Even the liberal media outlets openly acknowledge this is the case, they're not hiding their bias in any manner, they're openly "resisting." The well-known Pew study in the first year of his administration showed that the negative media coverage was 3x that vs the Obama Admin. The positive coverage was 1/5 that of what the Obama Admin saw. It has only gotten worse since then.

"News Coverage Of Trump More Negative Than For Other Presidents"


MSNBC, CBS News, NBC News, ABC News, CNN, NY Times, Washington Post, Bloomberg, NPR, all talk-show hosts, nearly all journalists (roughly 9 out of 10 vote Democrat to begin with), nearly all celebrities, essentially all of Hollywood - these groups are all as close to universally against Trump as you can get. It's not subtle, it's nearly all-encompassing. Estimating that 90% of media is stacked against the Trump Administration is an understatement.

That looks like you want presidents to be graded on a curve. Maybe more negative articles have been written about Trump because he's governing in a negative, divisive, chaotic manner and there are countless examples where he lies or behaves badly that warrant negative coverage.

> In China you do.


It's always sad on the Let's Encrypt forum when someone fails to get a cert and the reason turns out to be that the hosting provider has blocked all inbound HTTP connections because the user's web site wasn't licensed. This is a regular event, most recently reported this past weekend.

It's worth keeping a sense of perspective, but, at the same time, I don't think pointing out X is unambiguously more oppressive than Y does anything to address the original assertion that X is oppressive. That'd be like responding to someone claiming that Seattle is rainy by lecturing them about Bangladesh's climate.

That's a bit of a straw man.

The concern is the western countries taking actions to become more like China rather than less like China. It's natural to worry about convergence because eventually these things just become run away systems that are too entrenched to change.

Think about how we used to differentiate ourselves from the totalitarian regimes of the world in the post war communist fighting era. This pool of attributes is shrinking. Indefinite imprisonment without trial, national security letters, labelling the media as traitors, labelling companies that enable encryption as traitors, an omnipresent eavesdropping apparatus, etc...

The US is not perfect either (but nowhere near China). For example, it is incredibly difficult to become an independent presidential candidate: you need to get ballot access in all states, and every state has its own rules.

You can't be serious.

The challenge of filing presidential candidate paperwork in the US versus the challenges of having a contrarian political opinion in China are nowhere near each other in level of hardship.

The worst part is this might also motivate other nations to develop their own "internet" and strictly control what goes out of their borders.

So Chinese NSA is "no joke", because they are manually installing apps instead of using baseband backdoor?

The obvious and rational response to what you’re saying is that the US government is an oppressive force on the internet (and elsewhere), just not as much as China, which is the most oppressive except for North Korea. Then I’d ask if being so low on the spectrum is acceptable, when the best that can be said is that it’s better than China and North Korea. Yemen for example, can happily boast that they have fewer guns per capita than the US, by an order of magnitude too! But um... how many people would leave the US for Yemen? Just comparing two countries in a narrow metric while ignoring context is unwise at best, deceptive at worst.

Moreover it does nothing to dispel concerns held by people who feel the US is an oppressive force online. They might for example, point out that while China oppresses their own citizens, the US has more of a global impact as a result of their foreign policy and massive corporations. If they then pointed out that you’re essentially comparing apples and oranges, and asked you why you thought that was an appropriate response to their concerns, you would say...?

I agree. I was living in Italy during the Berlusconi years, every time there was a new law designed to limit personal rights or freedoms, someone would reply "then what about XYZ" where XYZ was invariably what Freedom House would describe as a non-free or partially-free country. No one ever tried to compare Italy to, say, Sweden or Denmark. Once the 'race to the bottom' mentality becomes mainstream, it can do a lot of damage.

"This isn't like in China."

This really is whataboutism. Two things can be differently oppressive at once, and if you don't push back actively the line moves on you.

And I equally support bringing the US/Five Eyes SIGINT activities to the attention of as many people as possible, and calling out bullshit like the Australian government trying to backdoor crypto:


The counterpoint to your claim of whataboutism is that it is possible to simultaneously denounce both the Chinese government's activities and the US, while at the same time critically and rationally examining their differences in methodology. And documenting where they are the same (NSA/CIA hoards zero-days, Chinese intelligence does the same, etc).

At least in China they are open about it.

Many of the laws that govern internet usage in China are considered state secrets, hardly open! The list of websites blocked by the GFW is a state secret, for example. Not only that, but regulations are enforced arbitrarily and often even retroactively. To top it off, the Chinese constitution guarantees freedom of speech, press, religion, but is just an ignored document.

In a country where rule by law is more prominent than rule of law, this shouldn’t be weird.

That's somehow better?


Doing something bad openly is better than doing it, but trying to hide the fact that you do it, while pretending in public to be innocent or worse, encouraging condemnation of others who do the same thing openly.

? china does pretend all of the evil things they do are for the good of their citizens and to uphold their societal morals

to protect the harmony of the society, yes.

Forget about state organizations, Google itself is already malware-as-a-service as far as the Android ecosystem is concerned. Regardless of whether or not the user expects it, the fact is most Android phones ship with Google play and this is uninstallable without taking extreme measures like rooting/bootloader unlocking (if even possible). You can pay hundreds of dollars for a device you then own but still have no control over the software and your data.

Let's look at what the linked post claims:

> It basically sends the IMEI and other phone metadata

Google services do this to some degree. Location data, everything. And isn't the IMEI broadcast by the baseband itself?

> as well as file hashes, to a server

Google checksums and uploads files on both mobile and PC as part of their supposed malware heuristics and prevention.

> It also monitors messages sent via otherwise secure apps

This is somewhat malicious, and I'm honestly not sure to what degree Google services are able to intercept or "monitor" app communications.

> I don't know whether it includes sophisticated anti-tampering features or not

Google services certainly do, so much so that projects like MicroG require "signature spoofing" to function. Indirectly, Google has replaced open frameworks with proprietary ones, increasing the reliance of userspace Android on Google services. Google does not want you having freedom and tampering in any way with their ecosystem.

To my mind, the state of consumer technology in the West, and the more aggressive measures like China is taking, are two sides of the same coin. But somehow one fosters complacency despite being just as invasive.

google might be doing the same thing, but google doesn't have men with guns forcing you to use google play services

True, but the people with guns can very easily get the data from google.

and google will have nothing because you don't have google play services installed.

Google can't put you into an internment camp, strip you of all human rights, effectively torture and or oppress your family and everyone you know, as China is doing to 13 million Muslims in Xinjiang.

The difference between what a private sector corporation in the US can do to you, and what the Chinese Government can do to you in China, could hardly be greater. It's an absurdity to pretend they're comparable things.

While Google cannot put you in jail, Google can give your data to government (that can put you in jail). There is no big difference between large private company having the data or the government.

Of course Western surveillance on the Internet cannot be even remotely compared to what happens in China.

> Google can't put you into an internment camp, strip you of all human rights, effectively torture and or oppress your family and everyone you know, as China is doing to 13 million Muslims in Xinjiang

The entire population of Xinjiang is 23 million, you're several orders of magnitude off there.

You're entirely correct that it isn't even comparable. However, I was responding to the specific surveillance practices linked in the OP, and the comment I replied to was discussing the "presence on the Internet", not as broad a topic as the entirety of China's regime.

How true are the reports about treatment of Falun Gong?

Perhaps, but the parent was talking about enormous amounts of people being detained without charge in China. Falun Gong seem to be a very egregious (organ harvesting and tortured to death!) example of this.

It appears that they are treated horrifically by the Chinese Communist Party. Falun Gong was founded in the 1990s as a Buddhist sect, and it grew rapidly. The CCP doesn't tolerate ideological rivals or power structures it doesn't control, so it banned them and propagandised them as an evil and dangerous cult, which is how they're widely seen in China today. Hundreds of thousands have been detained, and thousands have died in custody. There are reports of widespread organ harvesting:

Lavee describes how his attitude changed dramatically when a patient told him he was travelling to China for a scheduled heart transplant. This idea was shocking to Lavee, because the circumstances of death that allow heart donation cannot be predicted.


The CCP claimed that they stopped using organs forcibly taken from prisoners in 2015, but not everybody is convinced by that claim.

Overall, they are treated as inhuman. There's also the photo on the Wikipedia page for cattle prods: https://en.wikipedia.org/wiki/Cattle_prod

Wow, tough to read but thank you for bringing this to my attention.

It’s really awful Western countries just put up with it because they’re afraid of offending China. Not even the Soviets thought to make such use of the millions of people they executed.

The Soviets did a lot of human experimentation.

Oddly enough this very thread got detached for being "off topic."


It's disgusting that you'd offer such a comment in response to credible reports about forced organ donation. That the victims' leader holds silly beliefs in no way justifies, excuses, or even explains their murder by the authorities in the slightest. All it can be is a distraction from a deliberate horror.

If the US was jailing and murdering Scientologists for their organs, I’d be pretty mad. This is awful, the Falun Gong are human, and this should be condemned, regardless of what they believe.


China is irrelevant to the average western internet user, to whom the US govt is indeed an oppressive presence.

Please keep the tedious cliché that 'whataboutism' has turned into off HN. I don't know how it started but it's now nothing but a flamewar trope.

Some things are cliche because they’re so often repeated, and sometimes they’re repeated so often because they’re often apt. Are we really not allowed to call a spade a spade? I can understand that just saying, “whataboutism” and nothing more would be low effort shitposting, but in the context of a reasoned argument pointing out how something truly is just whataboutism, we’re not supposed to point that out?

The comment that set this all off was short and made a single point that can be accurately described by a cliche. There was nothing else to it. I can understand not wanting people to dismiss real arguments with cliches, but I don’t think that’s what happened here. When someone brags about using a straw man to deflect reasonable criticism, it merits a response.

> When someone brags about using a straw man to deflect reasonable criticism, it merits a response.

Maybe, but that response shouldn't just classify the argument as an instance of the cliche, since that would be low-effort shitposting, as you point out. HN already has the downvote arrow to express that kind of disagreement.

I’ve published apps on the Play Store. There seem to be multiple people who rip off these apps, stuff them with adware and who knows what else, and upload them to dubious third-party stores. As far as I can tell (but I admit I haven’t investigated deeply) this mostly originates in Russia and China. So China is very relevant to me as an app developer, and to my users, as a significant threat.

I am curious, does people uploading pirated versions of your app to third party stores really impact you? I imagine most of your users would only be on the Play Store. From my understanding, piracy isn't much of a problem so long as it's not happening on the main platform. Is there something I am missing?

For one thing, the fact that the pirated versions might be malware or otherwise harmful could impact his/her reputation or brand.

Right -- I gave up trying to fix the problem, for example via some kind of copy protection, as I can’t think of a good non-risky solution and figured the sales impact was small. But I hate that potential users are put at risk just by googling for free copies.

I guess adding “legit” mobile ads might help, but I don’t like that as I think mobile ads are a completely miserable experience. And people would probably still rip it off and install their own ads anyway.

You simply can’t trust any APKs you find by googling. (Obvious to most people on HN, of course.)

Brand damage is a good point, but I believe that most genuine customers will not go to strange websites or obscure app stores to download your app, and those who do probably aren't the sort of "customers" you'd want. Hence, I couldn't see why it's much of a problem. The genuine user will more than likely just download it on Google Play. If there were people ripping off your app and putting it on Google Play, that would be different and worth worrying about.

I'm curious why my original question was downvoted. I thought it was a valid question.

I think it’s a good question!

One thing I want to add is, many people around the world (for example many in India and China) don’t have access to Google Play. People with Amazon devices don’t have Google Play (although it doesn’t seem like there are a lot of them).

It’s difficult for a small team to deliver a good product to all those different groups of people, and it’s frustrating that they’re instead serviced by the black market.

The average Hackernews now seems to believe that Chinese goods are "safe" because China doesn't have surveillance treaties with the U.S.

You know, because China would NEVER attempt to spy on, influence, or blackmail foreign programmers, business people, scientists, or other professionals.

The sarcasm is noted, but don't ignore the fact that an increasingly powerful collection of voices view China as safe and the US as an oligarchy bordering on fascism. While I personally don't agree, if we ignore those voices, they'll keep getting louder until it's all anyone hears.

Yeah, back in the 70s an increasingly powerful collection of voices thought Pol Pot's killing fields were fabrications of American propaganda, and that if genocide happened in Cambodia, it was at American hands. They had to backpedal hard when the truth came out.

The internet is a globally interconnected system, one nation-state messing with a part of it is not whataboutism. Civil rights violations and abuses in other parts of the world are also an issue that nobody should ignore.

China publishes a report every year on human rights abuses in the USA that has a number of valid criticisms (incarceration rate of black males, police shootings, etc), but that doesn't make the US Department of State's report on Chinese human rights abuses any less valid.

Everything you've said may be true, and yet your comment is still a perfect example of whataboutism. I mean, just read it:

> I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.

Why do you feel the need to bring up China when someone talks about the US govt spying on their online activities?

I think the distinction is that the United States treats "spying on online activities" as a signals intelligence/passive gathering system and methodology. The US government doesn't arbitrarily regulate BGP4 tables and IX points, run a GFW like system on all international submarine cables (though traffic may be passively tapped by the NSA), require licenses for http daemons, or forcibly install spyware on citizens' phones.

The active measures taken by the Chinese government are pretty much the opposite of the US/Five Eyes' SIGINT approach to things.

I do not agree with either, and think that both should be highly publicized, and awareness raised. However I think that the Chinese method of police state social control is on a whole other magnitude of "fucking with the Internet" than what is possible in the US with constitutionally/bill of rights protected freedoms.

Again, everything you've said may be true.. is true, and yet your comment is still a perfect example of whataboutism. I mean, just read it:

> I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.

Why do you feel the need to bring up China when someone talks about the US govt spying on their online activities?

China is an order of magnitude times worse than the US. I'm not sure why you feel the need to keep arguing that point when I already agreed. But none of that is relevant when someone is complaining that they don't like their own US govt spying on them, "passive" or otherwise. For you to bring up China in that context is whataboutism.

"Everything you've said may be true, and yet your comment is still a perfect example of whataboutism."

The initial topic of this thread is China, not the US, so it seems to me that criticizing China cannot, by definition, be whataboutism in this particular context.

I'm not personally inclined to dismiss things as "whataboutism" as though it were an automatic debate ender, but if you do, then you have to restrict your discussion to China's sins in this thread.

I'm not talking about this thread or the discussion in this thread, I'm talking about this:

> I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.

In January, the US Senate passed a bill to renew the NSA’s warrantless internet surveillance program for six years with minimal changes. If walrus01's friends had brought up that topic at the time, it sounds like he'd have defended the program because China is worse. Whataboutism.


Calling out hypothetical whataboutism of someone else is like whataboutism squared on your part, though. Hyper-whataboutism. Meta-whataboutism.

Not that there's anything wrong with that, of course.

Unless any of us on here are personally representing nation states at a diplomatic level with roughly similar levels of violent shenanigans as each other, whataboutism really does not apply.

I've seen it referred to as the hypocrite's favourite meme, and I am inclined to agree.

Also, China is hardly irrelevant, least of all here, a discussion thread about the technical issues surrounding state surveillance in China.

Meta-whataboutism - use "whataboutism" in a discussion to block others from pointing out hypocrisy :-) It's a nifty trick, I use it once in a while as well.

But to be serious, I don't see how China is irrelevant to the average Westerner.

They manufacture a lot of the products consumed in the West. They are also responsible for a lot of the plastic floating in the water http://www.latimes.com/science/sciencenow/la-sci-sn-tons-of-...

From a US perspective:

They are responsible for the most damaging intelligence breach in US history https://en.wikipedia.org/wiki/Office_of_Personnel_Management....

Google, a US company, is starting to head toward China and play in that market after getting tired of not being evil.

US senator heading the Intelligence Committee had a Chinese spy right under her nose for almost 2 decades: https://www.washingtonpost.com/opinions/explain-the-chinese-...

Even for the rest of the world with China and US clashing over spheres of influence and doing their power-play everyone is affected.

It seems like a pretty safe assumption that google will just play along with the Chinese government and force spyware into phones via play or some update mechanism, if they aren't already working on this.

Stopping people at random on the street to make sure an app is installed seems quite inefficient.

Could be a pilot project

Stopping people on the street is also very bad PR and leads to submissions like this. They would be better off doing what you suggested.

This shows why it’s actually quite efficient. The bad PR is part of the whole effect. They don’t want to silently monitor these people, they want to control them, and making it known that they can be stopped at any time and forced to submit is part of the deal.

There's very little "playing along" between Google and China, far less than Apple. Search is the only product that has a chance of working there right now, Play Store is just dead weight there, and most companies that ship Android in China will bundle their own app store. Apple iOS bundles a spyware system module on the other hand (for China only).

“Apple iOS bundles a spyware system module on the other hand (for China only).“

You can’t just state this as fact without any sourcing. While they may be forced to do so in the future do you have proof this is happening now?

It's more hidden after iOS 7. If you want to start looking, check old GSCapabilities and go from there.

I started looking but the only thing related to china was this green tea thing, but

> "Green-Tea" is a code name for devices sold in China. Green-Tea devices have restricted access to various applications e.g. Maps.

isn't exactly a smoking colt for a spyware. Could you be more specific?

This is incorrect.

