How Exactly the CCP-Cohort Mobile Apps Steal Everything From Your Phone

— A Hardcore Technical Deep Dive

Author: Himalaya Connecticut Pangu (USA) –  SillyLego

Editor:  Himalaya Connecticut Pangu (USA) -Antsee-GTV/Bomber

The notorious CCP-Cohort (CCP: Chinese Communist Party) Apps such as TikTok, WeChat, CamScanner, Alipay, etc., were  declared by the White House “untrusted” mobile Apps during the Trump Administration. What’s new? Well, when the War Room Pandemic’s audiences are empathetic of the Deplorables, in both US and China, most of them probably “know” the exacts of the media-polluted US world, while only scratching the surface of what’s happening for the Chinese population. This difference between “know” and “heard” determines their real attitude and action towards the persecutors behind. Blessed to be in the top technological industry myself, I happen to “know”, as opposed to “heard”, about how exactly those CCP-Cohort Apps steal everything in your mobile gadgets. Therefore, as a victim myself, I’m burdened to share such “know”s with all the Deplorables who are still with an anecdotal attitude about the eavesdropping device in your pocket, which listens to every single word you say and sees every single picture you keep.

Considering most of the readers of this article may not have a solid technical background, I’ll start the explanation with a parable, thereafter down to the technical language.

Imagine your gadget as a mass-production-made house, should it be a phone or tablet. The OS (operating system, such as iOS or Android) is the hardware of the house, including things such as foundation, walls, poles to hold the weight of all the upper structure, electrical wires (which contains your valuable data), and water pipes. When you rent the house to a tenant (App), the landlord (you or the user) has an electric meter at each of the power outlets. In this way, the landlord is able to know and control all the power consumption of all the outlets. Question: how could the tenant (App) steal electricity (your data) for free even when the landlord (you) has a meter at every single power outlet? The trick is, the tenant needs to know where the wires are buried in the walls, where you cannot see. Once the tenant knows that, he could simply drill a small hole on the drywall, pull out the wire and connect another power outlet that doesn’t have a meter on it. Afterward, the tenant can get all the electricity he needs for free without monitoring. Oops, one day the landlord’s security adviser (such as Google or Apple) drops by at the house and finds that there is an outlet without a meter on it and the tenant gets into trouble. To proactively void the embarrassment, the tenant puts a photo frame over the outlet and hides the wire behind it.

So how does this parable have anything to do with CCP-Cohort Apps stealing things in your phone? The decoder is all within the parable. Once a house is built, it is almost impossible to change the architecture or original design of the house. The same concept is true for OS or Operating Systems. We know Android is not so secure compared with iOS. This is because the so-called API, or Application Programming Interface, is like the blueprint of the house, showing where everything is at in the house, including those hidden wires, pipes, poles, and studs, accurate to millimeters. Therefore if you are using Android, you may not know the phone’s blueprint or APIs, but every single App on the phone, if it wants, could drill whatever hole they want in the house and steal whatever electricity (or data) they want. Obviously, the landlord’s security adviser (such as Google) visits occasionally, but it’s not too hard for the Apps to put a photo frame on top of where they are pulling data from, and Google does not really care about this kind of stealing since they know the house is pretty much transparent to the Apps anyway. Honestly, Google released the whole blueprint (or API) to all its App developers, for free. Even more frankly, Google itself is probably one of the biggest consumers of those personal data. Google’s fundamental business model is to use their customers’ private data in exchange for commercial income, such as customized advertisements, therefore,the company does not really have the motivation to invest in voiding data-stealing, as long as the thief does not compete with Google’s advertisement business. Hope the explanation above is friendly enough for non-technical folks to follow the basic logic so far.

What about iOS? Isn’t it much safer than Android? Yes and no. The yes is that iOS does not give all the blueprints to the tenants. For example, Apple may share some blueprint to the tenants so that they know how to fix a leaking water pipe, but it does not share the full electrical wire map for the tenants to figure out where they should drill a hole on the drywall to pull out the wire and get free electricity. You can imagine that as long as the tenant figures out a way to buy the secret blueprint from some black market, the actual trick for stealing electricity (or your personal data) is not that different. Literally, this is the way CCP-Cohort Apps steal your data from the iPhone in your pocket. The acronym BGY stands for Blue (control the Internet), Gold (buy influence with money), and Yellow (seduce key people with sex).The CCP invests billions of dollars in the US annually towards political lobbyists in DC. In the same strategy, it can infiltrate the big techs as well, which could be as legal as hiring a tech lead from Apple’s iOS team with three times their existing salary. This is how they get the “secret blueprint” of iOS.

In reality, stealing data from iOS requires a few more tricks beyond the “secret blueprint”, because the landlord’s security adviser “Apple” is more responsible than the Android adviser “Google”. The advisor actually searches very hard around the house. Since they know where the wires are buried inside the walls, when an App is submitted to Apple, they search along each of the hidden wires, even if when the wire is blocked by any photo frames. With such a security check process, if the tenant drills a hole in the wall and installs their own outlet, Apple will find them and disqualify this tenant. Well, not for the CCP-Cohort tenants because they are professional thieves. In the parable, you can imagine a photo frame with two small metal pins behind it: when the photo frame hangs on the wall, the two pins drill into the drywall, leaving almost no mark on the wall, and still connecting to the electric wires inside the wall; when the photo frame is lifted, the security advisor cannot find an outlet on the wall and there’s nothing suspicious on the frame because the two pins automatically retracted into the frame. This is a bit harder to explain technically, so I’ll use the next paragraph below to elaborate.

Applications such as WeChat unavoidably include image, audio, or video files within the App package. The files look perfectly normal when opened and inspected. However,when the iOS loads the files to hardware memory inside the memory or CPU, some “bits” hidden inside the files, at a binary level, are translated to a meaningful “API” which discloses the “secret blueprint”. You can think of a simple encoding system like the word “gtiowuocudwp”. The word means nothing at a glance, but if you pick one letter and skip the next two, you’ll find the decoded word “good”. Thereafter the decoded secret blueprint is used by the rest of the App to find the electrical wires’ location and then pull electricity (or user data) from the hidden wires inside iOS walls. Apple does not even know about this activity on the device and Apple cannot even detect these types of hidden activities when doing App inspection. Yes, this kind of Apps are indeed professional thieves, leaving no trace behind.

How could this even happen, and can’t Apple fix it? It’s not impossible, but very costly. Using the same parable prior, the foundation mitigation of the house’s security issue is to replace all drywalls with metal or brick walls. The cost of this mitigation is to tear down the whole house (iOS) and rebuild. Wait, there’s one more thing here: it’s not just the house, but also the whole land where the house is built upon, because brick walls and metal walls are heavier and the existing land (your iPhone’s hardware) cannot support such a heavy house. In reality, fundamentally fixing this issue implies a redesign of the whole iPhone, from CPU to Memory, and also a redesign of the whole iOS. Is Apple motivated to raise their phone’s price by 3-4 times with the same performance and functionality? Nah. They’d rather add a few more fancy features such as cameras or sensors, and keep their head buried in the sand expecting nobody can find their secret blueprint in the safe, except that the CCP has every single version of it already by their proficient BGY tricks.

Let’s dive even deeper beyond this level of mobile App. The “file” mentioned above, such as an image, audio file, or video, could also be something even more preliminary such as simplified Chinese characters. Mr. Lude mentioned in one of his YouTube videos that the CCP-owned company Founder Group ( is one of the top technological companies sponsored by the PLA (People’s Liberation Army) responsible for the CCP’s intellectual warfare. The kernel product of the company, Simplified Chinese digital solution, is the “file” that could infiltrate almost any digital platform. The “package” is loaded as a black box to the host (such as Windows, macOS, or even some digital hardware) due to IP (intellectual property) protection. Such IP protection provides both legal and technological barriers for the host to see or monitor its activities. This is why Lude specifically mentioned that any digital gadget, as long as it uses Simplified Chinese language, even if just for screen display, could be under CCP’s digital infiltration when needed.

There are some peripheral details regarding the data-stealing. Firstly, about data size. When the daughter is browsing 1Gb of data on TikTok per day, of which 5Mb (0.5%) is used for stealing of your phone’s contact information and transfer to some server in Europe then transferred to South Asia, then to the PLA-owned ByteDance’s headquarter in Beijing, it is 1. really hard for any user to sense this much of slow data transfer on the device, and 2. almost impossible to track the data transfer destination unless someone leaks the transfer path from intelligence sources. Secondly, about the terminals. Take a look around your house right now. Do you happen to have some $5 smart power outlet or light switch from Amazon? Well, they are perfectly harmless to your home for 99.99% of the time, but once the CCP needs to attack some server which it doesn’t like, each of those little gadgets may be awakened immediately and become a mini IP (internet protocol) striking weapon towards a remote server. Each of them can send tens or hundreds of requests to this server and could overload almost any server globally within seconds. Think about the IP attack in this way: if two people are saying hello to you simultaneously, you’ll get confused; if 10 million people say hello to you simultaneously, your eardrum will blow up. This may be the easiest parable to understand the term “IP attack”. Any guess where the cheap smart gadgets are made from? Any guess why they are so cheap and affordable to every household in the US?

To summarize, thanks to my professional circle, I happen to “know”, instead of “heard”, this very smart yet evil mechanism about how the CCP-Cohort Apps physically steal the data from almost any of your digital device. When I started this statement, the reader may think this article to be some type of stereotype conspiracy theory or science fiction lunatics. With the technical explanation above, assuming the reader could understand the explanation, do you sense a breeze of dreadful tremble? Technology, just like any tool made by human beings, is always neutral. The dreadful factor is not the technology itself, but the ones holding the tool. For decades the CCP has been persecuting their own people with all kinds of such tools, out of the essence of deceiving and greed. What about the lab-made CCP-virus (Covid-19)? Now that the CCP is pointing those well-developed weapons towards the rest of the world, it’s time for the world to wake up and start to do something about the one behind the tools.

(The above content only represents the author’s personal views.)

1 Comment
Inline Feedbacks
View all comments
23 days ago

Love Is the Most Excellent Way: Daily Devotional