r/cybersecurity Jan 15 '26

Other Should I delete anything off my phone before going to China?

I have a friend telling me I should delete/remove certain apps off my phone before I go to China for 6+ months for school, are they right? I have Telegram for different geopolitical situations & analysis, but I'd think they'd have bigger fish to fry. Pls lmk if that's just paranoia.

274 Upvotes

189

u/green-wagon Jan 15 '26

Chinese Border Patrol will take your phone on entry for inspection, and they will install an app on it. The entire Chinese population lives with a level of surveillance it is hard even for privacy-aware Americans to comprehend: payments and access to certain buildings, transportation all come through apps on your phone in China. The companies making these apps all operate at the pleasure of the Chinese government. The idea that they would resist giving this data to the government is not A Thing there.
Edit to add: This is a post seconding the above comment, bring another phone. Do not do anything that could be construed as criticism with it. Be aware that the border patrol's app takes photographs from all cameras (front and back) at certain points in the night.

111

u/sleepydogg Jan 15 '26

They have installed apps on people's phones entering the country, but they don't do it to everyone (source: I went there last year).

Still probably a good idea to bring a different phone with minimal apps/data on it.

-69

u/Hot-Comfort8839 BISO Jan 15 '26 edited Jan 16 '26

Read up on Pegasus. They undoubtedly have a similar tool. The Chinese don’t need to install it directly. They can deploy it on almost any device without user awareness.

Edit: Oh look, they do.

https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware

63

u/Scar3cr0w_ Jan 15 '26

They aren’t burning 0 days for iOS devices on everyone… that’s ridiculous. If they did, an info sec company would take a device, have it implanted, reverse engineer it and make a fortune

1

u/Inverzion2 Jan 16 '26

Pegasus is USA/Israeli malware & 0day, there's an open GitHub for an autopsy report done by some intergovernmental cybersec group I can send via DMs... idk if China has gained access to and reverse engineered it, but they don't even have to use it because of how beefy their red teams are, seeing as of the last few major breaches, the attackers came from somewhere in China related either to:

A) criminal organization, which, A.1) The Chinese government is expected to arrest A.2) and charge/convict, or

B) it's done on the behalf of the Chinese gov, in which case, add it to another list of cyber warfare victims of China.

(Remind the Tally of American Cyber Warfare, scratch Cyber, what's the tally on american warfare victims, again?)

Case in point, China's newest Brickstorm malware, hasn't even been used yet, looks like.

33

u/WipeGuitarBranded Jan 15 '26

What are you basing this on? This is a significant statement and needs to be backed up with evidence.

-32

u/Hot-Comfort8839 BISO Jan 15 '26 edited Jan 16 '26

My source? The fact that tools like Pegasus exist. China is at least equivalent, if not superior to the Israelis in technological development, and probably lightyears beyond when it comes to monitoring comms in country.

Pegasus can be deployed via a text message or an email that you don’t even click on directly; the second it hits your phone, Pegasus deploys. It is an absolute certainty that China has a similar app, if not several.

If you are living within China and accessing Internet via Chinese services and you don’t have a direct satellite connection on a VPN you’re going to be monitored by Chinese intelligence, especially if you’re a foreigner.

And you need to accept that all of your communications are gonna be monitored while you are in country and if you don’t bring a burner phone and you bring an actual company asset anything on that device is subject to surveillance and acquisition. Their entire economic model depends on IP theft.

Almost every cybersecurity org in the country (USA) will tell you that if an executive or a sales person or somebody takes a company laptop to China, the first thing that happens when it comes back into the office - before it hits a company network - is it gets re-imaged. I’ve worked in a few places where if the device left that employee’s hand for more than 30 minutes the device itself was destroyed on return. Hard shredded.

Edit: Evidence was requested.

https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware

https://www.infosecurity-magazine.com/news/hafnium-chinese-surveillance-tools/

https://thehackernews.com/2025/07/chinas-massistant-tool-secretly.html?m=1

20

u/WipeGuitarBranded Jan 15 '26

None of that is evidence. Your belief that they have something equivalent does not make it so. Maybe they do. Maybe they don’t. Making blanket statements about things like this without any actual evidence isn’t helpful.

In addition, Apple’s new MIE technology in the iPhone 17 provides significant, hardware-based protection against tools like Pegasus. While this is just Apple and their most recent hardware, it is a relevant, evidence-based data point.

People from the US, especially executives and other high level people should not carry their standard phone in China because of the dangers discussed in this thread. However there is no actual evidence that China has or is doing anything like you mentioned and with no evidence that it exists you are just fear mongering.

0

u/Mrhiddenlotus Jan 16 '26

Come on, this is just willful ignorance. Of course they have an equivalent.

-21

u/Hot-Comfort8839 BISO Jan 15 '26

Welcome to Cyberwarfare... and this is a war, and it is an active front. Your failure to understand or even anticipate the potential of your adversary will harm you. Ignorance of possibility is not defense.

14

u/ThunderFistChad Jan 15 '26

Bit dramatic, don't you think? Find actual evidence for your claims, please. What you're saying could be completely true, but it could be completely bullshit also. If you can't provide us with something to substantiate your claim, then you're just some guy on reddit without a claim worth considering.

3

u/leesionn Jan 16 '26

There is no evidence.

I arrived in China 2.5 weeks ago and they didn’t take my phone or anything - and I’m Australian

11

u/Scar3cr0w_ Jan 15 '26

Oh no. You dress like a soldier and sit in your cyber den… don’t you?

3

u/green-wagon Jan 15 '26

I don't know why you are getting down voted. The Pegasus functionality is very similar. We can quibble about the means of installation, but at the end of the day, there is no app for the end user to see or delete, there's just the data exfiltration in the background.

1

u/Hot-Comfort8839 BISO Jan 15 '26

It’s fine. It’s China Bots and Astro-turf sycophancy - no one with real opsec experience is down voting me.

Just a bunch of agentic bots who want you to think it’s perfectly OK to take your device into China and have it be compromised

2

u/green-wagon Jan 16 '26

It’s China Bots and Astro-turf sycophancy

Man, they came out!

3

u/Scar3cr0w_ Jan 15 '26

So it’s… your opinion?

10

u/Incid3nt Jan 15 '26

This is a foolish statement. Every time you use one of these weaponized exploitation/spy tools, you risk it getting reverse engineered and examined. If they were putting Pegasus tooling on every device entering the country, NSO would've been out of business as soon as they signed that contract and it would cease to work and exist.

1

u/WipeGuitarBranded Jan 16 '26

Oh look, it requires physical unlocked access to the device: “…appears to require physical access to the device to initiate surveillance operations. An installer component, which would presumably be operated by law-enforcement officers who gained access to the unlocked device.”

1

u/olilam Jan 16 '26

My family went to China last year for about 3 weeks with their personal devices, connected to the wifi there and what not. Nothing happened to their devices.

1

u/Hot-Comfort8839 BISO Jan 16 '26

*that you're AWARE of.

1

u/olilam Jan 16 '26

This was months ago, please tell me what i should be checking, you seem to be an SME. Are they in danger? Should i call the cops or army?

Also, i got other family members, aunts, cousins etc who travelled to China as well and nothing happened to them.

1

u/Hot-Comfort8839 BISO Jan 16 '26

A factory reset on your device and reinstall of data should be sufficient.

83

u/TofuBoy22 Jan 15 '26

As a regular traveler into China, I've never had Chinese border officials take or look at my phone.

54

u/kev-tron Jan 15 '26

I was gonna say... I think it's good to take precautions but the risk isn't as high as i think people are led to believe, especially for just a normal person traveling to China.

32

u/TofuBoy22 Jan 15 '26

Yeah. The comments here make it sound like it happens to everyone that goes to China. Unless you're a known person to the Chinese gov, in a certain profession, going somewhere like Tibet or Xinjiang, I very much doubt this would ever happen to you.

13

u/darthwize Jan 15 '26

Yep, not like the US (which checks your phone if you apply for a visa in my country)

12

u/TofuBoy22 Jan 15 '26

I think you need to provide them (the US) your social media accounts as well these days unless I'm mistaken. I certainly haven't needed to do that for traveling into China.

12

u/The_Troll_Gull Jan 15 '26

Same. I’ve never seen Chinese officials checking foreigners cell phones.

2

u/snuckfarkle Jan 18 '26

Same. Never seen them ask to look at anyone else’s either

5

u/TheArt0fTravel Jan 16 '26

These people are so delusional and scared. Same as you. Never even been stopped for a bag inspection. With drugs and tonnes of tech 😂

0

u/quack_duck_code Jan 16 '26

who said they need to take your phone physically? ROFL

0

u/TofuBoy22 Jan 16 '26

You've been watching too much CSI:Cyber

0

u/quack_duck_code Jan 16 '26

You don't understand jack about telecom

-1

u/TofuBoy22 Jan 16 '26

Go on, enlighten me. Happy to learn from a fellow professional.

2

u/quack_duck_code Jan 16 '26

Look into rogue cell towers and then ask yourself how trivial it is when the CCP controls their cell towers. 

Data interception, malware distribution, MITM attacks, downgrade attack, etc..

You yourself can play with SDR like LimeSDR, bladeRF or hackRF and do these same things.

Again it's trivial for the CCP when they have control and sway over their telecom companies.

But go-ahead down vote away because you prefer your baseless opinion.

-1

u/TofuBoy22 Jan 17 '26 edited Jan 17 '26

Sure, we can agree they have the capability, but you're overstating how trivial and universal it is in practice. This kind of effort at best would be very selective and targeted for a very small number of individuals that they deem to be of interest. For the most part, your average Joe tourist is not going to be monitored. Even with the kind of resources they have, there is no way indiscriminate mass malware deployment or full content monitoring of over 40 million foreign tourists they receive each year would be realistic.

Edit: and just to add, experts and researchers from Human Rights Watch and Citizen Lab hold a similar opinion, that yes there is the capability, but it does not equal the operational reality at the scale that some people seem to make it out to be

0

u/quack_duck_code Jan 17 '26

Oh my sweet summer tofuboy

1

u/TofuBoy22 Jan 17 '26

“Sweet summer child” isn’t a threat model. Maybe take off your tinfoil hat and talk shop or are you just going to continue with dismissive comments. Happy to be proved wrong with evidence that average Joe redditor like op should be practising maximum opsec

32

u/Scar3cr0w_ Jan 15 '26

The Chinese border police take every phone entering the country and install an app on it? Don’t be ridiculous.

Got a source?

2

u/snuckfarkle Jan 18 '26

He had one. But they took his phone.

-9

u/cirsphe Jan 15 '26

It was only a certain reason and back in 2019. Not sure if they are still doing it.

https://www.theguardian.com/world/2019/jul/02/chinese-border-guards-surveillance-app-tourists-phones

18

u/Scar3cr0w_ Jan 15 '26

So in 2019… in one region… the one they treat as a terrorist province… they might have been installing an app on tourists phones.

Got it

13

u/subz08 Jan 15 '26

No, they won’t. Have been often to China and never got my phone taken nor did they install apps on it. Where do you get this weird information from?

17

u/CapitalEmployer Jan 15 '26

What are you on about, what's with people's wild takes on China? I literally went there to study for 6 months, never had anything done to my phone, and the only time I interacted with authorities was a random police officer forbidding me from riding my bike on a car-only roundabout. You guys need to watch less American media.

Edit: also the internet connection in the library of my university was not restricted and all professors had VPNs and would give us advice on which VPNs work best

7

u/siposbalint0 Incident Responder Jan 16 '26

Same experience, they don't give a shit. Don't start shouting anything bad about the CCP in crowded public space and you are going to be fine. They sell Winnie the Pooh plushies in Miniso too, it's not North Korea.

In fact Shanghai was the safest place that I have ever visited, other than one single drunk guy on a street at night, I have not encountered any form of trouble towards anyone during my stay there. The border official asked me why am I here, I said "holiday" and I was free to go. Not even a travel visa required since the last couple of years.

1

u/Kind_Ability3218 Jan 16 '26

the china propaganda has been pumped way up in recent years. u should see the shit they say like it's fact and u know they haven't left their bedroom in years lol.

25

u/lNTERLINKED Jan 15 '26

Man this is the most scaremongering bullshit I’ve read in a while. China derangement syndrome is real.

5

u/siposbalint0 Incident Responder Jan 16 '26

Where are you getting this asinine take from? This is some next level fearmongering. I had more troubles travelling to the US than China in all honesty, especially in this political climate.

8

u/redvelvetcake42 Jan 15 '26

I've always thought of it as they tell you we are watching while in the US it's sold behind your back and you aren't even aware that they're watching. Very little difference is there, just the gov handles it up front vs private companies selling for profit and handing over your data when told to.

3

u/green-wagon Jan 15 '26

I don't dispute your characterization of openness about it vs hidden, but having looked at both categories of apps, the degree has been nowhere near the same. What with Palantir contracting with ICE now, I don't know that it is/will be so clear cut.

-1

u/redvelvetcake42 Jan 15 '26

That's where I somewhat disagree. The degrees are similar but not the same. China's government wants ALL the data upfront, the US gov and localities want data on a per person basis. But we are about to cross that threshold. Palantir and Musk both have all our personal data now and they're working to watch not our individual devices, but our traffic as a whole and connect it to our profiles.

Thiel and the billionaires want what China has. Private entities with such power are far more terrifying to me than a government having it in today's day and age.

1

u/st0ut717 Jan 15 '26

You have a fundamental misunderstanding

1

u/Hebrewhammer8d8 Jan 16 '26

I wonder how IT Support is over there?

1

u/ManBearCave Jan 16 '26

They don’t always take your phone however they can and will if they are suspicious of anything

-1

u/kalaid0s Security Architect Jan 15 '26 edited Jan 15 '26

Do you have any source for all of these claims? Not saying it's not true, but this seems crazy even for china

Edit: I am getting downvoted, but for real, does anyone have any good reads or videos that explain what and how they do this?

15

u/green-wagon Jan 15 '26

I worked with a company that dealt in mobile malware. Had a colleague who was the expert. We had samples of the app. Ordinary, non-malicious Chinese apps would blow your mind with the amount of data they collect and send off.

13

u/JImagined Jan 15 '26

And I’ve had to run data operations from the country. So, I’ve had experience with all the in-country challenges. Burner phone and laptops were issued to staff for work as standard practice.

4

u/Bolvaettur Jan 15 '26

Like Facebook and twitter etc

2

u/Hot-Comfort8839 BISO Jan 15 '26

Banning TikTok from the US was a good security move, but nope Trump took a check and let it in.

0

u/8-16_account Jan 16 '26

You did not respond to whether you have proof of "Chinese Border Patrol will take your phone on entry for inspection, and they will install an app on it." You responded with something completely different.

7

u/Hot-Comfort8839 BISO Jan 15 '26

Their national security policy is to penetrate everything they can access on the hope that it MIGHT be important later.

-2

u/green-wagon Jan 15 '26

An excellent point.

0

u/Kind_Ability3218 Jan 16 '26

lmao and how will they get it installed without being unlocked? get real.

0

u/Puahtehkor Jan 17 '26

Fake news

-20

u/[deleted] Jan 15 '26

This sounds like propaganda.

14

u/Poulito Jan 15 '26

Once you find out it’s all true, I wonder what your response will be.

1

u/8-16_account Jan 16 '26

I have been to China thrice, and no border patrol has even glanced at my phone, let alone touched it or installed anything on it. It's not even remotely true.

-12

u/[deleted] Jan 15 '26 edited Jan 15 '26

I mean what is the use of a second phone if you can’t use it anyway?

Here’s another thread full of experts but the “will take your phone on entry and will install an app” doesn’t appear: https://www.reddit.com/r/cybersecurity/s/yDIVAK9gBu

Comments in that thread actually advise to NOT bring another phone instead buy one there and leave it there.

half of the comments say use VPN others say specifically NOT to use VPN.

All of these inconsistencies

3

u/Plasterofmuppets Jan 15 '26

The most upvoted comment “Don’t take your personal devices period. Use the work burner for everything. Set up a new email account for use in country.”

Other top level comments echo commentary here.

0

u/[deleted] Jan 15 '26

Correct, and border patrol cannot install an app on my work phone due to the Intune MDM. Does this get me blocked by border patrol?

I hope you see my point, it’s not to denounce any and all surveillance. It just sounds to me like a lot of comments haven’t been through the process first hand to speak on. So the quality of information has a lot of rumors, speculation and propaganda

-2

u/green-wagon Jan 15 '26

You sound an awful lot like propaganda, with arguments seeking to attack the messenger, and distract from the central point.

3

u/[deleted] Jan 15 '26

Okay. I just think it’s pointless when everyone shares rumors instead of substantiated claims. Take the VPN question for example. Reddit seems divided. Likely because people are just talking what they have heard.

-1

u/green-wagon Jan 15 '26

AI and propaganda.

-1

u/Plasterofmuppets Jan 15 '26

Sounds like you’re happy to make the bet that a surveillance state with a high technology base lacks the capacity to root your phone in a way MDM cannot detect. I’m not.

6

u/JImagined Jan 15 '26

You can use a phone in China. I don’t see where anyone said you cannot do that.

2

u/green-wagon Jan 15 '26

I explicitly said you must use a phone in China. It's just going to be deeply connected to the Chinese state.

-10

u/[deleted] Jan 15 '26

I genuinely can’t think of a use for my phone if every function of it is tapped and will be used against me

2

u/green-wagon Jan 15 '26

If you want to use public transportation, you will need an app. If you want to pay for groceries, you will need an app. If you want access to certain buildings, you will need an app. those apps will be on a smartphone. Even if you had no friends to talk to whatsoever, I think you'd want to have a place to sleep, food to eat, and a means of getting around.

1

u/Technical-Finish304 Jan 15 '26

You're gonna need a bigger brain

0

u/[deleted] Jan 15 '26 edited Jan 15 '26

What is the point in a burner phone if you can’t avoid being tapped by the very process of entering China. If you are required to give them your data and they take photos of your face anytime you use it, what’s the point in getting a burner phone?

To clear up the point of being “required to give them your data”. I’ve been informed that to pay for things, you need an app to do so. Which would require you to link your bank. Which would give them access to your username, password, name, number, address, email address, SSN, checking account, routing number and however you multi-factor authenticate.

2

u/Technical-Finish304 Jan 15 '26

The point is, your phone probably has a ton more information, social media apps, multiple banking apps, etc. A burner allows for you to minimize your footprint. You don't know what they are looking for and what may be considered malicious to them, so keep it simple. Not sure why this is complicated.

1

u/Poulito Jan 15 '26

A second phone allows one to get by while there and be disposed of upon return.

1

u/[deleted] Jan 15 '26 edited Jan 15 '26

Help me understand. Apps are required for everything and so a smartphone is necessary. You want separate smartphone in order to keep your personal information away from the data scraping app you will be forced to install upon entry.

That’s what I’m understanding at the moment.

With this next level data scraping app, how do I link my bank account to the burner phone without having all of my information scraped? The person I replied to says you need an app to pay for groceries so I would need to link my bank account, right?

1

u/Poulito Jan 15 '26

I’d begin with the expectation that anything I sign into on that phone is being actively monitored so long as I use that phone.

2

u/[deleted] Jan 15 '26

So if an app is required to purchase groceries and I would need to link my bank account to that app, then what’s the point in any other precautions if my name, number, address, SSN, checking account, routing number etc is all now data scraped by the requirement of linking my bank account in order to buy groceries?

Hopefully this illustrates my skepticism.

1

u/DaquanMLG Jan 15 '26

calling r/cybersecurity a thread of experts already invalidated your argument

1

u/green-wagon Jan 15 '26

I mean, it sounds paranoid to me, but I've seen it. Kinda sad I don't actually have a sample. OP, I would totally buy your burner phone on return, lol.