Security analysts have uncovered Massistant, a powerful mobile forensics tool used by Chinese law enforcement to extract personal data from smartphones.
The tool, which is likely the successor to an earlier app called MFSocket, can access messages, images, call logs, location data, and more, raising concerns for travelers, journalists, and business professionals entering mainland China.
The discovery was made by the Lookout Threat Lab, which has been tracking forensic software tied to Chinese policing agencies since 2019. Their latest report details how Massistant operates in tandem with desktop software to collect large volumes of data from a device that's been physically seized. Like its predecessor, it's attributed to Meiya Pico, now known as SDIC Intelligence Xiamen Information Co., a major Chinese cybersecurity and surveillance firm that dominates the country's forensics market.
Massistant isn't delivered through app stores or malicious links; instead, it must be manually installed, typically after a device is confiscated at border crossings or during police inspections. Once installed, the app prompts for permissions, granting full access to the phone's content. It communicates over a local connection using port 10102, the same method used by MFSocket, and works alongside desktop tools to harvest data while avoiding internet-based detection.
Lookout
Though most users would never encounter it under normal circumstances, reports have emerged from Chinese online forums as far back as 2020, with users asking how to remove Massistant after discovering it on their phones following interactions with police. Some posts also claim it's illegal to uninstall, although Lookout has found no official policy confirming this.
Meiya Pico has a long history of building surveillance technology for Chinese law enforcement, including its Mobile Master product line. It has also trained security officials from over two dozen Belt and Road Initiative countries, and previously sold forensic tools to international partners, including Russian security services, though some of those transactions were later invalidated due to fraud.
With Massistant, Meiya Pico appears to have modernized its toolkit. The app now utilizes Android's Accessibility Services to automatically bypass security prompts, making installation smoother for law enforcement agents. It can also extract data from encrypted messaging apps like Signal and Letstalk, expanding its surveillance reach beyond Telegram, which MFSocket had targeted.
While Massistant doesn't appear to upload data over the internet on its own, Lookout notes that it could leave behind logs or artifacts indicating that a device was compromised. In some cases, researchers have reported “headless” surveillance modules (apps with no visible interface) remaining on returned devices, capable of ongoing monitoring after a search.
In 2024, China passed legislation granting law enforcement broader authority to inspect mobile devices without a warrant, making tools like Massistant more concerning for foreign visitors. Travelers, especially those in journalism, activism, or business, could be at risk if their devices are briefly confiscated at customs or during local police interactions.
For individuals traveling to mainland China, it is recommended to use clean or temporary devices containing no sensitive data, activate elevated security mechanisms (Advanced Protection on Android and Apple Lockdown Mode on iOS), and check for new apps or setting changes after crossing borders.
Leave a Reply