A new report by cybersecurity firm Lookout has revealed that Chinese authorities are using a powerful Android malware tool called Massistant to extract data from seized mobile phones, even accessing private content from encrypted messaging apps like Signal.
According to Lookout, Massistant was developed by Xiamen Meiya Pico, a major Chinese surveillance tech company with strong ties to law enforcement. The tool is used for mobile forensic data extraction, allowing police to pull sensitive data, including text messages, images, location history, audio recordings, contacts, and more — but only when they have physical access to the device.
Researcher Kristina Balaam from Lookout told TechCrunch that the tool is being widely used across China, not just on residents but potentially on foreign travelers as well. “It’s a big concern,” said Balaam. “Anyone traveling in the region should know that their device could be taken and its contents collected.” Posts on Chinese online forums appear to back this, with users reporting the malware was found on their phones after police encounters.
Massistant works with a hardware tower connected to a desktop computer. Although Lookout couldn’t examine the desktop component, Xiamen Meiya Pico’s official website shows illustrations of iPhones linked to the device, hinting at a possible iOS version of the malware.
Interestingly, police don’t need advanced hacking methods or zero-day exploits to use this tool. “People just hand over their phones,” Balaam explained. This is especially concerning given that China’s security laws since 2024 allow police to search devices without a warrant, even if there’s no active investigation.
Massistant appears as an app on the device or leaves behind traces that can be detected using tools like Android Debug Bridge (ADB). While users may be able to delete the malware later, the damage is already done — data is collected at the time of installation.
This isn’t the first time Xiamen Meiya Pico has been linked to surveillance tools. In 2019, a similar product called MSSocket was analyzed by researchers. The company controls around 40% of China’s digital forensics market and was sanctioned by the U.S. government in 2021 for helping the Chinese government with surveillance technologies.
Balaam says Massistant is part of a much larger ecosystem of spyware developed by Chinese companies. “We’re currently tracking at least 15 malware families being used in China,” she said.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Xiamen Meiya Pico has not responded to requests for comment on the new findings.
