Chinese Forensic Firm Cracks Apple’s AirDrop; TikTok Hides Hashtags

Reports on privacy vulnerabilities in Apple’s AirDrop file-sharing function and new obstacles to tracking content trends on TikTok highlight the ways in which tech firms with strong China ties attempt to navigate political sensitivities.

The first case involves Apple’s AirDrop file-sharing feature, which uses Bluetooth and Wi-Fi to let users of Apple devices anonymously exchange content when in close proximity. Since the feature does not need an internet connection, police have struggled to regulate it through common means of internet surveillance. However, as Yuanyue Dang wrote for the South China Morning Post, the Beijing Bureau of Justice announced this week that forensics firm Beijing Wangshendongjian Technology Co Ltd had cracked AirDrop’s privacy protections, thereby allowing the bureau to identify suspects accused of sharing “inappropriate speech” to subway passengers via AirDrop:

The bureau did not specify when the incident occurred, but said Wangshendongjian analysed the iPhone’s logs and found the sender’s mobile number and email address in the form of hash values, some of them hidden.

Wangshendongjian then used a “rainbow table” of cracked passwords to decode enough information from the files to help police “identify several suspects”, according to the article.

The company, a subsidiary of cybersecurity firm Qi An Xin Technology Group Inc (QAX), had handled 850 investigations since its founding in 2020, mostly for “public security clients and criminal cases”, the article said.

[…] QAX’s website, as well as mainland media reports, indicate that the company provides services to police in several provinces. Wangshendongjian belongs to a division that focuses on research into forensic techniques for electronic devices. [Source]

The AirDrop feature was used on the Beijing subway in October 2022 to share media related to the Sitong Bridge protest. Right before the White Paper protests in November, Apple quietly restricted the feature—only for Chinese users—by forcing users to opt in if they wanted to receive files from non-contacts, and limited the feature to a ten-minute window before it automatically shut off. (Under pressure, Apple later publicly extended this restriction to all users worldwide.) The AirDrop feature was also used by protesters during Hong Kong’s pro-democracy movement.

Johns Hopkins University professor and cryptographer Matthew Green wrote a detailed blog post explaining the technical and political dimensions of tracing AirDrop transmission. He stated that Apple almost certainly knew about this vulnerability from the feature’s inception, and external researchers warned Apple about the vulnerability as early as 2019. While he outlined alternative protocols for protecting privacy when using the AirDrop feature, Green concluded that Apple likely lacks the political motivation to implement these alternatives, given that the Chinese government would view such a “fix” as a setback:

Those of us on the outside can only speculate about this. However, the facts are pretty worrying: Apple has enormous manufacturing and sales resources located inside of China, which makes them extremely vulnerable to an irritated Chinese government. They have, in the past, taken actions that appeared to be targeted at restricting AirDrop use within China — and although there’s no definitive proof of their motivations, it certainly looked bad.

Finally, Apple has recently been the subject of pressure by the Indian government over its decision to alert journalists about a set of allegedly state-sponsored attacks. Apple’s response to this pressure was to substantially tone down its warnings. And Apple has many fewer resources at stake in India than in China, although that’s slowly changing.

Hence there is a legitimate question about whether it’s politically wise for Apple to make a big technical improvement to their AirDrop privacy, right at the moment that the lack of privacy is being viewed as an asset by authorities in China. Even if this attack isn’t really that critical to law enforcement within China, the decision to “fix” it could very well be seen as a slap in the face. [Source]

Apple has a long history of bowing to pressure from Chinese authorities to facilitate their censorship and surveillance. In 2017, Apple removed apps that helped circumvent the Chinese government’s internet restrictions, as well as news apps such as the New York Times (NYT) App. 

In 2018, Apple produced a set of new iPhones specifically for China with two physical SIM-card holders, allowing for better identity tracking by the government. It also signed over physical control of its Chinese iCloud system and Chinese users’ data to a Chinese state-owned enterprise. A subsequent NYT investigation found that Apple had agreed to let the Chinese government approve any encryption technology that Apple uses in China and keep it stored in the country.

During the 2019 Hong Kong pro-democracy protests, Apple removed a crowdsourced mapping app used by protesters to track police activity, and it removed the app of news outlet Quartz from the Chinese app store following its coverage of the protests. Around that time, Apple also removed the Taiwanese flag emoji from iPhone keyboards in Hong Kong and other areas. 

Also in 2019, Apple was revealed to be working with Tencent to create a blacklist of websites for the Safari web browser in China, which goes beyond sites with malware to include those with political content the Chinese government deems harmful. In January 2023, Apple quietly expanded the use of Tencent’s website blacklist to users in Hong Kong, which was applied to sites such as code-sharing website GitLab.

A 2021 NYT investigation of data from Sensor Tower, an app data firm, found that about 55,000 active apps, including over 600 news apps, disappeared from Apple’s App Store in China from 2017 to 2021, while the majority of them remained available in other countries. At least 27 of these censored apps were related to LGBTQ+ content. (GreatFire.org has created a website to highlight content discrepancies between Apple’s App Stores in China, the U.S., and elsewhere.)

A 2021 Citizen Lab report on Apple’s censorship across different regions found that “Apple’s compliance [in China] may have exceeded that required by the government’s laws and regulations, a sharp contrast to Apple’s reputation and relationships with law enforcement in the United States,” and it found that “keywords on Apple’s censorship lists suggests that even Apple does not understand what content they censor.”

In October 2023, Apple agreed to force developers to apply for Chinese government licensing before their apps can be offered in its Chinese App Store, a move that plugs a censorship loophole by making it harder for Chinese users to connect to both foreign and domestic apps.

That month, Apple also pulled the plug on “The Problem with Jon Stewart,” a show hosted by Apple TV+, over creative differences about China and other topics that were pitched for its upcoming season.

The second case involves TikTok. As Haleluya Hadero wrote for the AP, TikTok has quietly restricted one of the few tools researchers use to analyze the popularity of videos, and removed certain hashtags deemed sensitive by the Chinese government:

TikTok’s Creative Center – which is available for anyone to use but is geared towards helping brands and advertisers see what’s trending on the app – no longer allows users to search for specific hashtags, including innocuous ones.

The social media company, which is owned by Beijing-based ByteDance, has also removed certain hashtags from the Creative Center that some online researchers had stored for analysis. They include topics that would be seen as controversial to the Chinese government – such as “UyghurGenocide” and “TiananmenSquare” – as well as hashtags about U.S. politics and the war in Gaza and Ukraine. The Center will now only allow searches for the top 100 hashtags by industry, the company said. [Source]

The changes to the Creative Center emerged after the Network Contagion Research Institute published a report last month, which showed that there are significantly fewer hashtags related to Uyghurs, Tibet, Tiananmen Square, Hong Kong protests, and Taiwan on TikTok than there are on Instagram. A TikTok spokesperson indirectly referenced the report when justifying the changes, and criticized the report’s findings. The report’s methodology was also criticized by the Cato Institute.

Regardless of the report’s merit, TikTok’s changes will make it harder for researchers and lawmakers to scrutinize content on its platform, which has a history of being censored when it comes to issues the Chinese government deems sensitive. In 2019, The Guardian used leaked internal documents to show that TikTok instructed its moderators to censor videos that mention Tiananmen Square, Tibetan independence, or Falun Gong. That year, TikTok twice suspended the account of an American teenager who posted videos designed to raise awareness about human rights abuses in Xinjiang. 

In 2020, The Intercept revealed internal documents showing that TikTok moderators were told to censor political speech and ban users who harmed “national honor” or discussed “state organs such as police.” Later that year, the Australian Strategic Policy Institute published a report showing that LGBTQ+ issues were suppressed on TikTok in at least eight languages, and included evidence that TikTok manipulated feeds to suppress content critical of human rights abuses in Xinjiang. In 2022, a tech researcher found that TikTok continued to block numerous keywords related to LGBTQ+, along with “Peng Shuai.” 
