One doesn’t usually hear a counterintelligence warning  originating from India having utility in the United States. But a recent warning from the Indian Intelligence Bureau (IB) instructing all Indian military to remove more than 40 applications originating from China from their phones is a list everyone should be aware of. The IB identified the apps as being used to collect intelligence on personnel and the military.

The IB further identified tablet and smartphone manufacturer Xiaomi as being of concern and banned devices made by this manufacturer, as well. In 2014 we warned of spyware in smartphones which sent your data to the PRC.  Xiaomi was one of those manufacturers who had pre-loaded spyware onto their devices. No mention was made of Huawei, another prominent Chinese supplier of smartphones and tablets.

It begs the question of all who touch classified information – what’s on your phone or tablet?

The Indian Express obtained a copy of the IB’s advisory:

“As per reliable inputs, a number of Android/IOS apps developed by Chinese developers or having Chinese links are reportedly either spyware or other malicious ware. Use of these apps by our force personnel can be detrimental to data security having implications on the force and national security.”

“Therefore it is requested that all officers and men under your command may be advised to not use these apps in office or on personal mobile phones. If some of them are already using any of these apps then they should be asked to immediately uninstall the app and format their cellphones for strict compliance. You are requested to issue comprehensive guidelines on this matter.”

The 40+ apps, identified by the IB:

Weibo, WeChat, SHAREit, Truecaller, UC News, UC Browser, BeautyPlus, NewsDog, VivaVideo- QU Video Inc, Parallel Space, APUS Browser, Perfect Corp, Virus Cleaner (Hi Security Lab), CM Browser, Mi Community, DU recorder, Vault-Hide, YouCam Makeup, Mi Store, CacheClear DU apps studio, DU Battery Saver, DU Cleaner, DU Privacy, 360 Security, DU Browser, Clean Master – Cheetah Mobile, Baidu Translate, Baidu Map, Wonder Camera, ES File Explorer, Photo Wonder, QQ International, QQ Music, QQ Mail, QQ Player, QQ NewsFeed, WeSync, QQ Security Centre, SelfieCity, Mail Master, Mi Video call-Xiaomi, and QQ Launcher.

True Caller is a Swedish based company, who told SecureReading they are investigating and making inquiries as to why the IB believes their application to be a counterintelligence threat. Similarly, Xiaomi, noted that they “take security and privacy very seriously. Our global e-commerce platforms and user data for all international users is located on Amazon AWS data centers in California and Singapore. We are currently investigating the advisory…we are fully committed to storing and transferring our users’ data securely at all times.”

Our Advice?

If you purchased a phone manufactured by Xiaomi, you now have two warnings available to you that their apps and devices are viewed as a counterintelligence threat. Make your decision on continued use with your eyes wide open. Similarly, many of the apps identified are widely popular in China and beyond. Many of them work as advertised. Something spooked the IB, such that they felt it prudent to warn that China’s intelligence entities had the capability to compromise the information being shared.  This too should be taken on board, should you decide to use any of the identified applications.

Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com