Chinese education app also doubles as a superuser information stealer. Another notch on the leash around the neck! #infosec #cybersecurity #security #privacy #android https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html
And the article is pay-walled
@ChanOfRed tldr is that
this app is mandated for installation across 100 million devices. Users must do quizzes on the president’s history and ideaology. Failure will result in disciplinary action. Phone likely takes advantage of a zero day to escalate privileges as no prompt for permissions was made evident to the researchers. Sends a daily log of numerous data sources back to the government
A Mastodon instance for info/cyber security-minded people.