Download podcast | Size: 65.1 MB

On March 21 as part of the Bookworm Literary Festival, Mark Natkin (founder and managing director of Marbridge Consulting), Kaiser Kuo (director of international relations at Baidu), and Josh Gartner (senior director of international relations at JD.com) sat down with Eric Jou for a panel discussion called Tech in China. They spoke on artificial intelligence, O2O, censorship, the market, and woolly mammoths — all of which you can listen to in this week’s episode.

Highlights:

13-minute-mark: Josh Gartner on Baidu’s IPO and the ecosystems available to start-ups now.

20:20: Kaiser on “success,” and whether that necessitates going abroad; be sure to catch his woolly mammoth analogy, which begins at 21:20.

27:40: Mark Natkin talks about Xiaomi and its advantages going into a market like India.

28:00: Eric Jou asks a question that touches on protectionism.

30-minute: Great Firewall… Facebook, Twitter, YouTube, Google…

Kaiser makes a defense of the plucky, small, versatile Chinese entrepreneur vs. “the manager” of bigger, established foreign companies that “never really stood much of a chance against the equally well funded, scrappy, incredibly hungry entrepreneurs.”

34:15: O2O in China, i.e. Online to Offline — specifically how China is leading the way.

42:30: Natkin on some of the amazing services that are available due to low cost of fulfillment: did you know you can call someone to come to you, wherever you’re at, to do your nails? Or have a chef shop and cook for you in your kitchen? (“iAyi,” as Kaiser quips.) Also: closing of inefficiency gaps, exemplified by taxi apps.

49:30: How to make technology smarter? What does the future hold?

There’s some unfortunate construction that interrupts the proceedings at the 5:30 mark, but then we closed the windows and it got better.

The Creamcast would like to thank Popup Chinese for letting us use their studio and Great Leap Brewing for their generous support.

Download Episode 19 of The Creamcast here, or listen to it on iTunes.

|The Creamcast Archives|

Of course, chengguan. OF COURSE.

Via ECNS:

An urban management officer, or Chengguan, in Jiangsu province has started wearing Google Glass as part of his law enforcement kit, the Yangtze Evening Post observed on Monday.

The officer named Jiang Yifan is a member of the urban management team in Tianning district of Changzhou city. Jiang has posted a photo of himself wearing the electronic glasses on his Sina Weibo account.

Technology, man.

The greatest new app on the market is Baidu Translate, available for Android and iOS, which has the ability to identify and translate everyday objects using only a photograph. Amazing, right? You have no idea.

Contributor, musician, 中国人 Ben Plafker

Video Editor Gabe Clermont, person to take three shots with, attend to supermodel parties with

Contributor Alicia

Managing Editor Patrick Lozada, pregnant but eligible bachelor

Contributor Marjorie Dodson, not an M&M (see: this commercial)

“…that’s the man who molested my kitten!”

Editor-in-Chief Anthony Tao

Maybe the app does better with objects?

Baidu Translate is either a wonderfully earnest answer to Google Goggles or a Kaiser Kuo prank gone horribly right.

Oh, and one of our male contributors did what you would inevitably do with this app. The result was “Black Mini Poodle” and “Syphilis.”

Got fun results of your own? Do share! Tweet them at us or send along the old-fashioned way.

UPDATE:

Two via Sean Silbert:

This one via Twitter:

Via @emilyywu: “Yes both should be treated seriously religiously.”

UPDATE, 2/5, 6:08 pm: And now there’s a Tumblr. Our job is done.

Xiaomi, you’re all right.

Recently tabbed in a Time headline as “China’s threat to Apple and Samsung,” you probably know this company, founded in 2010, for its Mi3 handset, which sells for a slim $327 despite a bunch of neat features. Or perhaps you’ve heard its founder, Lei Jun, being compared to Steve Jobs — a comparison that Lei, to his credit, has rejected.

But do you follow them on Twitter?

Perhaps you should think about doing so.

Between dishing company news and engaging users, the people behind @XiaomiChina appear to have a healthy sense of humor and a fondness for memes and cats:

The hardest thing to see is what is in front of your eyes. —— 眼前的往往是最容易被忽略的。 pic.twitter.com/Om5GkJaXPc

— Xiaomi (@XiaomiChina) March 1, 2013

There are inklings of not giving a shit, but not in a way that’s offensive or irresponsible, which is neat to see from an ascending tech company that aspires for greatness but probably hopes to retain its underdog spirit. For now, they don’t even seem to mind posting memes that are ostensibly favorable to their competitors, such as the iPhone:

The evolution of the mobile phone.:P pic.twitter.com/w7vmEtGXq9

— Xiaomi (@XiaomiChina) October 14, 2013

And pictures of Xi Jinping acting blase in the face of a Xiaomi CEO presentation? It takes self-confidence to post this:

Xiaomi CEO Leijun making a exposition to the Chinese President Xi Jinping about xiaomi. pic.twitter.com/wc9bTYh8lG

— Xiaomi (@XiaomiChina) October 2, 2013

Did we mention memes?

The difference between phone with mom&phone with dad…cannot agree any more LOL pic.twitter.com/uIdI0mfJON

— Xiaomi (@XiaomiChina) October 18, 2013

The feed — curious, to say the least; entertaining, for sure — has prompted tech beat writer Eric Jou of China Daily / Kotaku to tweet at Xiaomi with the question, “Is your Twitter feed for real?”

We hope so. The best guerilla marketer out there today remains Chinese condom manufacturer Durex, whose PR team deserves a raise (for this stunt, if not this one), but here’s to hoping that Xiaomi can give them a run for their money.

If nothing else, follow these guys for the potential flame war with Android. Make it happen, please.

Some people just act like they are trying to help you. You have to think out of the box. pic.twitter.com/hwXZG2JWPd

— Xiaomi (@XiaomiChina) March 12, 2013

Games and cosplay in China meet every year around this time during the China Digital Entertainment Expo and Conference in Shanghai, aka ChinaJoy. First started in 2004, this expo is ostensibly all about showcasing the best in the gaming community, but, well, it’s the girls who steal the show, because nothing quite represents undersexed geekdom than scantily clad women. The wings and makeup are gratuitous.

As if you needed proof, check out the photos sampled below via Guangming.

If you’d like a round-up of the conference itself, head over to Kotaku, whose Eric Jou attended the event:

Over 200,000 people attended the four-day event, which is arguably one of the largest gaming expos in the world, second in Asia only to the Tokyo Game Show. Despite the massive turnout, this year’s China Joy seemed smaller. Perhaps due to the possibility of a lift on the console ban, major companies such as Sony and Microsoft didn’t even have booths at this year’s show.

Or just look at these pictures. More via Tech in Asia, if you can handle it.

Lionel Messi endorses WeChat, i.e. Weixin, i.e. the next Sina Weibo, as some people have called it on account of its functionality and interstellar growth. You can send texts for free (pending Internet connection), start group chats, and deliver photos and voice messages. And as Messi demonstrates in the above 30-second ad, you can communicate via video, too — Instagram, Sina Weibo, and Vine all in one.

I don’t want this to sound like an endorsement for Tencent, an ad upon an ad, because WeChat certainly doesn’t need any more publicity in China. The state-owned telecoms have already teamed up to get their powerful government friends to crack down on the freeness of WeChat’s services, because they feel threatened. But just know the company has big plans for international growth, and Messi will certainly help. What next, the Latin America market?

What’s best about tapping Messi as an endorser is it raises the stakes in China’s tech war, bringing it beyond the borders of this country and out of the reach of petty state-owned enterprise leaders who chuck feces at up-and-coming innovaters who challenge their monopolies. Messi may not have the impact that Michael Jordan did on Nike in the sneaker wars of the 1990s, but our hope is that he spurs Tencent’s great rival, Sina, which has international ambitions of its own, to try to top them. When companies compete, consumers win.

Youku video: behind the scenes of Messi ad.

(H/T Peter Lee)

China’s government is still figuring out how servers work. Either that or it’s hilariously naive, specifically about what might happen when 1.3 billion people are offered a fast, convenient way of submitting formal complaints.

You know, because what would anyone have to complain about?

On Monday, officials launched an online petitioning website (State Bureau for Letters and Calls). That same day, it crashed. Wall Street Journal reports:

Many Weibo users said they expected the crash due to the number of potential petitioners. Some interpreted the government’s use of a server that couldn’t handle the first-day traffic as a sign of insincerity.

Tech in Asia helpfully adds that this has happened before:

In its fight to battle corruption and abuses of power, Chinese government bodies have launched a series of “citizen reporting” websites over the years, and they almost always get demolished by high levels of early traffic. An anti-corruption website launched in 2007, for example, crashed on the first day due to unexpected traffic. A similar site launched in 2009 also went down on day one for the exact same reason.

The site’s back up, by the way. Enjoy it while it lasts.

In China, if you can’t beat them, call upon your buddies in a high-ranking ministry to bring them down to your level.

China Telecom, China Unicom, and China Mobile, three state-owned telecom enterprises, apparently feel so threatened by Tencent’s free Weixin (WeChat) program — specifically its ability to allow users to text and send voice messages (again, for free) — that they’ve called upon the government to even the playing field.

On March 28, an official in the National Development and Reform Commission called for Tencent to charge WeChat users. According to SCMP:

Shi Wei, a director at the commission’s Institute of Economic System and Management, made the following controversial comments during an interview with Xinhua:

“If Wechat doesn’t charge a fee, then why do text messages charge a fee? This is basic economics. If text messages charge a fee, then so should Wechat.”

And as Tea Leaf Nation reports, CCTV posted a Sina Weibo message yesterday that suggests the Ministry of Industry and Information Technology may be actively trying to alter Tencent’s business model:

Head of the Ministry of Industry and Information Technology (MIIT) Miao Wei has stated that the MIIT is currently considering whether to require [Tencent], the operator of Weixin, to implement a fee on [the service]. They have already asked operator [Tencent] to submit a [plan] to the Ministry. [Mr. Wei] also stated that fees in addition to data fees paid to telecom operators are entirely reasonable, but the supervising bureaus can [view the matter] from the users’ perspective, [so although] fees on Weixin are possible, they will not be onerous.

To be clear, neither the NDRC nor the MIIT care about helping Tencent make money. They simply want to erect a paywall that, even if not “onerous,” will assuredly cause WeChat to hemorrhage users. It’s the Great Firewall logic: one merely needs to make it inconvenient for users to freely access something and many of them will stop trying. Newspaper publishers can also tell you about viewership dips once online paywalls go up.

Tea Leaf Nation continues:

Weixin’s rapid growth may have cannibalized SMS [text message] fees for China’s mobile providers; in 2012, Caijing magazine reported that “the number of SMS messages sent by China Mobile users witnessed record low growth in 2012.” With its powerful voice communication features, Weixin may also have taken a bite out of the operators’ voice fees.

If Tencent doesn’t want to charge a fee, could the government make them? “Rule by law,” right? More likely, a few well-placed bribes in red envelops will make Tencent officials budge. State-owned enterprises win. Tencent wins. Ministry officials win. 300 million WeChat users lose.

Oh well. Nothing to be done.

With China’s Hottest Social Network in Danger, Netizens Cry: Hands Off! (Tea Leaf Nation)

Cell phones are a vital possession, no doubt, but how to choose one in China, where the selection seems endless? Real, fake, cheap, smart, new, stolen, mixture of several previous phones, one SIM card or three, etc. With such a large market, companies in and out of China are vying for a piece of the cellular pie, but the largest share by far belongs to the foreign-owned Android (Google) — a fact that the government may rue. A Ministry of Industry and Information Technology report published March 1 called China Academy of Telecommunication Research (brought to us by China Digital Times) highlights concerns over the pervasiveness of Android, which is run on 80 percent of Chinese cell phones.

“Our country’s mobile operating system research and development is too dependent on Android… While the Android system is open source, the core technology and technology roadmap is strictly controlled by Google.”

Furthermore, feathers were ruffled earlier when Google dropped a deal with Chinese Alibaba’s Aliyun system, explaining that Aliyun too closely resembled Android to reasonably be considered a new product. We caught you, you cheaters (tongues sticking out)! The Chinese government acted especially miffed in light of Google’s agreement, upon its absorption of Motorola, that it would not discriminate against Chinese companies in favor of Android.

So, who has the right of it? Will China redesign regulations to specifically block Android? Is Android getting nauseatingly full from all of that pie? One concerned conspiracy theorist shares his views:

Announcement from One Concerned Conspiracy Theorist
Citizens Beware: Androids Are Coming Are Here Are Overtaking Cell Phones at an Unstoppable Rate
AAAAAAAAAAAHHHHHHHHH

They’re in your homes and workplaces and purses and man-purses!

Thankfully, the Chinese government has already begun to address this concern — Aliyun, an Alibaba product, is waiting in the wings ready for action. And perhaps Google really is to blame for breaking its prior agreement not to discriminate against non-Android products.

Duncan Clark, chairman of technology consultancy BDA, gave this opinion to Reuters not too long ago, and a truer alliterative statement never twisted our tongues so well: “In China, regulators regulate regularly especially where they can position the regulations as helping out domestic companies.” The government may soon act to safeguard its citizens and domestic companies from the evil influence of the droids from beyond.

Black and white. The invasion is well on its way; we must take action now to combat this growing threat! Beware: the Android is in a store near you.

I ran across this piece on a blog for the Heritage Foundation in which the author tries to connect the recent accusations from Mandiant about hacking from China (still without conclusive evidence) and TOM¹-Skype’s censoring:

Chinese hackers have infiltrated the popular Internet messaging service Skype. The hackers have modified the operation of Skype so that the Skype programs on Chinese computers all have keyword systems to identify when the citizens use forbidden words, according to Jeffrey Knockel, a computer science researcher at the University of New Mexico.

…This is not the first instance of Chinese hacking. Just two weeks ago, Mandiant (an American cybersecurity company) reported that a unit of the Chinese army had been responsible for hacking more than 140 Western companies.

This ridiculous connection comes from a very interesting Business Week article that chronicles how a graduate student at the University of New Mexico cracked the encryption used by TOM-Skype and subsequently compiled a list of sensitive terms. He also lists some scary things that the service does:

The surveillance feature in TOM-Skype conducts the monitoring directly on a user’s computer, scanning messages for specific words and phrases, Knockel says. When the program finds a match, it sends a copy of the offending missive to a TOM-Skype computer server, along with the account’s username, time and date of transmission, and whether the message was sent or received by the user, his research shows. Whether that information is then shared with the Chinese government wasn’t explored by Knockel — and couldn’t be learned from TOM-Skype.

But this is nothing new. In 2008, activists at Citizen Lab disclosed a similar finding: that TOM, in a joint venture with the then-owner of Skype, eBay, systematically monitors and censors users’ communication. Then, as in 2006, Skype publicly commented that they knew about it, promised that it was only instant messages that were affected, and reassured everyone that Skype-to-Skype (as in, not TOM-Skype) communication was fully encrypted and protected.

This go-around is a bit different: Skype’s parent company, Microsoft, has made no substantive comment, only saying that to operate in China they must follow local laws, i.e. monitor and censor users to their best ability:

Microsoft’s statement also said that “in China, the Skype software is made available through a joint venture with TOM Online. As majority partner in the joint venture, TOM has established procedures to meet its obligations under local laws.”

As Brendan O’Kane points out, with such a huge a market as China, we can expect that tech companies will do whatever they must to appease local law enforcement to ensure continued access. Unfortunately, this logic cannot be confined only to China.

Last year, Microsoft began re-engineering its supernodes (servers that help make the initial peer-to-peer connection between users) to facilitate government monitoring of phone calls. According to Tim Verry at ExtremeTech, this allows the supernodes to actually route the voice data:

In this way, the actual voice data would pass through the monitored servers and the call is no longer secure. It is essentially a man-in-the-middle attack, and it is made all the easier because Microsoft -– who owns Skype and knows the keys used for the service’s encryption -– is helping.

[It] is a bit disconcerting that it is possible to violate your privacy, especially when you aren’t doing anything to warrant such potential invasions.

And even in January of this year, the Electronic Frontier Foundation, Reporters Without Borders, and other activist groups released an open letter asking Microsoft to disclose whether or not it is possible for law enforcement to eavesdrop on Skype users. Microsoft, just as now in China, is suspiciously reticent.

The moral of this story? If you live in China, under no circumstances download or use the TOM version of Skype. In fact, given the evidence, it doesn’t matter where you live, don’t use Skype at all if you are concerned about maintaining your privacy. There are other options.

¹ TOM-Skype is a joint venture between the TOM Group, based in Hong Kong, and Skype to make Skype services available to people in mainland China. They report that by the end of 2011, TOM-Skype had 80 million registered users.

John Artman has been China watching and covering tech since 2010. Follow him @KnowsNothing.

Before Spring Festival, we warned Beijing Cream readers about some of the dangers of using Android, how a specific type of malware works, and what users can do to protect themselves. As mentioned in that post, it’s not just Android users who should beware, but also those using the iOS platform in its many physical expressions, especially those with jailbroken devices.

iOS can, too

Because of the open nature of the Android platform, users can easily and unknowingly download applications repackaged to carry various kinds of malware. With Apple’s mobile operating system, and the amount of control built into the OS, applications, and hardware itself, the chance of downloading malware capable of hijacking your connection or retrieving personal information is quite slim. However, that doesn’t mean it can’t happen.

According to Apple (PDF), they don’t need any built-in or third party antivirus software, as the complete ecosystem is built around control. Even if malware passed the vetting process, including certificates only given to verified developers, to get onto the App Store, they are then “sandboxed” so that they don’t have access to any other parts of the system. That being said, that doesn’t mean that malware is not created for iOS, nor is it impossible for applications to carry malware through the App Store and onto your device.

F-Secure Q4 2012 Mobile Threat Report (PDF) shows that Android accounts for 79% of all mobile malware, whereas iOS accounts for only 0.7%. Yes, a small number, but as Philip Elmer-Dewitt points out, 2012 was is the first year that any threats on iOS were discovered by F-Secure.

Tony DeLaGrange, from Secure Ideas, says that there have already been apps approved by Apple that had hidden and undocumented functionality. Luckily, they weren’t carrying malicious code:

For instance, the iRandomizer Numbers and Handy Light apps had a hidden undocumented feature that provided free tethering. I wouldn’t categorize this a malware, but the point is that if someone is able to hide functionality within an app and get through Apple’s review process, then a malicious app getting through this process could potentially reach a large volume of devices before being identified and removed, especially if the malware delays its malicious actions to allow time for further distribution.

He adds that it would difficult to pull off, as the app would need to be quite popular and regularly used, but the payoff would be that much more rewarding.

Jailbroken Nation

As with Macs, there is a veneer of security for iOS, as just not much malware is created for the platform. However, as we mentioned above and as Kaspersky Lab CEO Eugene Kaspersky believes, this has more to do with other platforms being more easily targeted than the inherent security of iOS.

When users jailbreak their device, they also disable some key security measures. As Tony DeLaGrange puts it, this can be dangerous, as more and more of our lives are stored on our mobile devices, including credit card information, passwords, and social security numbers (emphasis mine):

Jailbreaking an iOS device basically disables code signing, which disables Apple’s Data Execution Prevention (DEP) control. Once DEP is disabled, pretty much any code can be executed on the jailbroken device. Consequently, jailbroken iOS apps are not sandboxed, which permits easier access to any data on the device, as well as device features. Removing these controls opens up the iOS device to malware infestation and potential compromise of their information.

While the number of jailbroken devices in China seems to be going down, it already presents itself as a target-rich environment. On top of that, it is amazingly easy to find jailbreak solutions online and offline, with stores actually advertising jailbreaking services. Easy things tend to attract people without the knowhow or savvy, thus making for easier targets as the Ike virus from 2011 shows.

Ike.A relied on the fact that many who jailbreak really don’t understand how their device works and used the default iOS credentials and SSH to infect the jailbroken iPhone and (harmlessly) Rick-Roll the user by changing the background to Rick Astley. According to DeLaGrange, Ike.B, however, was not as friendly. Using the same vulnerabilities, it created command and control that made the iPhone part of a botnet that was suspected of engaging in phishing of ING user login credentials.

Sometimes the Rules Feel Good

While there are certain advantages to jailbreaking, the downsides can be quite severe. And, to be honest, the non-practical advantages of jailbreaking only really count if you want to tweak the system and know what you’re doing

I came round to not jailbreaking my device after I found that I couldn’t (a long story). At first, I was very wary of actually purchasing applications, especially games. But after that first purchase, I have to admit that it feels good to know that I’m helping to support developers who make interesting content. Also, I now no longer have to worry about strange ways around Apple controls when upgrading: every single application on my iPad will follow me version after version with no work on my part.

I’m never going to stop being a cheap person (well, usually), so that’s why I have apps like TouchArcade and AppsGoneFree that alert me to great games and applications that have either become free or have been reduced in price.

My advice to all of our readers: Don’t jailbreak; it’ll only put you at more risk. Even if you’re not jailbroken, still be careful about what you’re putting on your device, put a password on the lock screen, and make sure “Find my iDevice” is turned on.

And never, never, never leave your device (whatever platform, make, or model) on the table at Starbucks while you go to the bathroom. It probably won’t be there when you come back.

John Artman has been China watching and covering tech since 2010. Follow him @KnowsNothing.

Google chairman Eric Schmidt has a new book ready to debut in April, The Digital Age, co-written by Jared Cohen, formerly of the State Department. As the Wall Street Journal puts it succinctly, the book is clear about one thing: “China is the most dangerous superpower on Earth.”

Specifically, Schmidt writes that China’s hacking culture — New York Times, Wall Street Journal, Bloomberg, and Washington Post have all recently fallen victim — will give it a strategic advantage:

“The disparity between American and Chinese firms and their tactics will put both the government and the companies of the United States as a distinct disadvantage,” because “the United States will not take the same path of digital corporate espionage, as its laws are much stricter (and better enforced) and because illicit competition violates the American sense of fair play,” they claim.

“This is a difference in values as much as a legal one.”

The book says the US’s hands aren’t exactly clean:

The U.S. is far from an angel, the book acknowledges. From high-profile cases of cyber-espionage such as the Stuxnet virus that targeted Iranian nuclear facilities, to exports of surveillance software and technology to states with bad human rights records, there is plenty at home to criticize.

But they’re not engaged in the same scale of corporate (and media) espionage. Should they be? Here’s the controversial part:

In this roundabout way the pair come close, on occasion, to suggesting western governments follow China’s lead and form closer relationships between state policy and corporate activity.

Take the equipment and software that comprises the Internet. Most of the world’s IT systems were once based almost entirely on Western infrastructure, but as Chinese firms get more competitive, that is changing, and not necessarily for the better, they say.

The authors probably won’t find a more vociferous critic than WSJ itself: one editor, in a rather breathlessly written editorial, recently stated, “The Middle Kingdom might once have been the center of human civilization. But in the digital world, the Chinese are the barbarians at the gate.”

And then you remember that all non-Romans, to Rome, were “barbarians.” We know how that story turned out.

Exclusive: Eric Schmidt Unloads on China in New Book (WSJ, image Wired)

Image via Lookout.com

On January 15, BBC News ran a report about a Trojan virus affecting millions of users in China. According to undisclosed security firms, there now exists a botnet on these millions of devices capable of “being used for fraudulent purposes,” including DDoS (distributed denial of service) attacks and spam email campaigns. Of course, this does sound scary, and botnets (in any form) are becoming more and more prevalent and thus increasingly worrisome.

The question for our readers, however, is: will this really affect me? The simple answer is: Probably, if you’re using Android. Improbable but not impossible, if you’re on iOS.

Here, in part 1, we look at Android. We’ll discuss iOS vulnerabilities in part 2.

Target-Rich Environment

The great thing about Android is also what makes it so dangerous: it is fundamentally an open platform. Manufacturers and individuals can adapt the system to their needs; software developers can make applications that fundamentally change how the device operates; users can (with a bit of technical know-how) swap between different “flavors,” from original Google-vanilla to CyanogenMod’s rocky road.

In China, this translates into an explosion of Android-based devices that, in many cases, don’t even ship with default Google Apps (emails, maps, etc.), including the official Android Store, Google Play. Many of the estimated more than 200 million Android users are getting their apps (free) from unlicensed, unaffiliated, and unregulated “stores” that, in many cases, host repackaged applications to include malicious code.

Adjacking

A spokesperson from Lookout Mobile Security told me that tricking someone to give up access is done in many different ways, with the most common in China being adjacking.

From Lookout’s State of Mobile Security 2012 report (emphasis mine):

App marketers (promoters) are often incentivized based on how well they are able to drive metrics that correlate to app popularity, including app downloads, installs and activations. While the incentive structures may vary, the general rule of thumb is that the more times an app is downloaded, installed or run, the bigger the reward. App promoters will use malware capable of one or more of the following malicious tactics to boost metrics without the user’s knowledge:

• Download applications from alternative app market sources to storage locations that do not alert the end user. These apps may or may not be installed, depending on the type of malware.
• Masquerade as an application that requires root permissions to gain escalated privileges on a device, which can then be used to install subsequent applications.
• Install third party app stores onto the device in an effort to convince the user to download specific apps.
• Silently run applications while the device screen is off to register “active app” events.

Lookout has dubbed the Trojan referred to earlier as “SimpleTemai.” According to Lookout, they first discovered it in September 2012, but have not seen any recent increase in activity. Now, the interesting thing about the SimpleTemai family of malware, and why we should be worried about botnets, is that it can be remotely updated:

“Although current capabilities are limited to mobile click fraud and we have no indication its creators are branching out beyond current functionality, SimpleTemai could presumably leverage this capability to significantly modify its behavior.”

Kingsoft, which calls the Trojan “Android.Troj.mdk,” reports that it has found over 7,000 apps carrying the Trojan, all of which are found in third-party Chinese application stores.

The Playdian Knot

Google Play poses a big challenge for Android in China. First, at this time, it doesn’t support purchases through its China store, thus pushing users interested in paid apps to pirating. Second, these third-party app stores that enable pirating are ubiquitous, easy to find, and easy to use.

If you are a user in China with a phone bought here and tied to a local network, there are a few different things you can do¹ to get those unavailable apps:

1. Remove the SIM card and turn on a VPN.  For best results, you can link your Google Wallet to a US (or other supported market) credit card.
2. Download and install various market unlockers. Usually thse require root access.
3. Use third-party app stores.

As you can see, using third-party is by far the easiest choice. That being said, Google Play itself has been known to host apps with malicious code and other threats to privacy.

Prophylactic Habits

What is one to do? You could, as suggested here, keep as little personal information on your mobile device, encrypt everything else, and closely monitor data and SMS usage. However, while certainly good advice, the most basic and easiest thing to do is install a security application.

In my time as an Android user, I’ve used two: Lookout and TrustGo, both of which were very satisfactory. That being said, a quick search of Google Play will come up with many, most of which are probably OK.

The best advice I can give, and what you’ll hear from security experts, is treat your device like a computer, with all the infection risks that entails; install anti-virus/security software; don’t download anything of unknown provenance

¹ Disclaimer: Some of these may not be completely legal and/or violate the terms of service of Google’s Android and Google Play. Their description here is not encouragement to use them and should not be taken as such.

John Artman has been China watching and covering tech since 2010. Follow him @KnowsNothing.

Part 2 is here.

The social coding website GitHub, which fell on the wrong side of the Great Firewall on Monday, has apparently been restored on the mainland, though as you can see from the above via GreatFire.org, tests have yielded contradictory results.

According to Global Times:

Lee Kai-fu, a prominent Internet figure and former vice president of Google, spearheaded the protest by saying on his Weibo that he “strongly opposes the blockage,” adding that GitHub is the world’s largest social media programming and code hosting website with more than 3 million users.

Chinese programmers constitute the fourth-largest group of users of the site, Lee said in his Weibo.

Lee said that it is unreasonable to block the website since doing so would not only “isolate Chinese programmers from international software developers,” but also “hurt China’s competitiveness and vision.”

Lee’s comment was reposted more than 75,000 times as of Wednesday night and stirred heated discussion about why the website was censored.

But was it unblocked because of the social media protests? It’s hard to tell at the moment, but tech observers have noted their skepticism.

Really? Sure the protest is why? RT @globaltimesnews: bit.ly/WgPuTCProtests in China help get [Github] unblocked

— Charlie Custer (@ChinaGeeks) January 24, 2013

John Artman, our tech contributor, writes in:

I agree with Charlie. Kaifu Lee is one of the “leading intellectuals” that was invited for tea after the Nanfang incident and the “protest” was only on Weibo with only 75,000 forwards (seems like a large number, but not in proportion to Chinese population or active users of Weibo).

There’s a few different possible reasons: MIIT, after possible lobbying from bigger software firms, realized that software development would halt after blocking GitHub. Also, could be a huge fluke where GitHub was blocked after running afoul of automatic blocking from GFW (controversial URL/content).

GT’s report also quotes an anonymous plug-in software creator who claims the reason for the original censorship was not, as widely speculated, due to the railway ministry’s ticket-buying site.

A creator of the plug-in software, who demanded anonymity, told the Global Times that blockage of GitHub has nothing to do with the software.

“The software has been removed from GitHub since January 16, well before the site was blocked,” said the programmer. “The true reason is some people post sensitive articles on GitHub’s blogs.”

…GitHub was not the only programming website that had been kept away from Chinese mainland users. Google Code, Google App Engine, SourceForge and several other renowned technical websites have been blocked at times.

“Some of them were blocked because they contained codes of virtual private network, or VPN, a kind of software that allows users to get over the Great Firewall. Others contained ‘sensitive’ comments that reveal political opinions,” Huang Weilian, a programmer and a renowned IT blogger, told the Global Times, adding that blocking these websites increased the cost of software product development for many Chinese start-up companies.

As always, trying to figure out the how and why of website censorship in China remains an exercise in futility and frustration, like reading tea leaves inside a tea bag dropped into a cauldron.

US tech website back online (Global Times)

Image via Charlie Custer/Tech in Asia

The Golden Shield Project (aka Great Firewall of China) has decided GitHub no longer conforms with Chinese notions of harmony, as first noticed Monday by GreatFire.org and reported on The Next Web.

The block comes on the heels of the Ministry of Railways’s unsuccessful attempt to convince Chinese browser-makers to stop providing a plugin that helps users purchase train tickets off MOR’s website.

A bit of background before we go any further: GitHub acts as a platform for software developers to share, revise, and track changes to code. This means that people who make those cool apps and websites we use every day use GitHub as a means to communicate with other developers, share their work, and generally make their products (and, thus, our lives) better¹.

According GitHub’s representative, China ranks fourth in traffic to the site, while Beijing is the sixth-ranked city. There’s no regional breakdown, but the service does have 3 million registered users.

Also, this isn’t the first time that GitHub has been censored. Last year, users were unable to download a new version of Node.js², as its version number shared the same date as the 1989 Tian’anmen protests.

As I mentioned above, much of the speculation as to causes surrounds the recent showdown over browser plugins between the Ministry of Railways and software companies, most notably Kingsoft (金山) and Qihoo 360. This does seem to make the most sense, as one of the plugins makes reference to javascript code that is hosted on GitHub. Block GitHub, stop the plugin.

The plugins themselves don’t use any APIs, as MOR’s ticketing site, 12306.cn, doesn’t actually have any APIs that I know of. Instead, they work by automatically refreshing the page until the desired ticket/trip becomes available for purchase. Imagine the Flash hitting refresh hundreds, if not thousands, of times every second. As you can imagine, this would put increasing pressure on already overloaded (read: incapable) servers dealing with the largest annual migration in the world.

As my good friend and former podcast co-host Charlie Custer points out on Tech in Asia (he’s responsible for the image above), the problems with overloaded servers and the plugins that overload them could all be solved very easily: make the website better. When the site first debuted, it was plagued with server-side issues and confusing interface… after the ministry spent $52 million. To give them credit, they did make some upgrades last September… that cost an extra $53 million (330 million RMB).

The moral of this story: if you can’t solve a problem by throwing money at it, make sure that unauthorized third-parties are unable to make things better, either.

~

¹ This is, of course, a contentious philosophical issue. If you want to hear my thoughts, buy me a beer and you’ll get an earful.

² Software used to write Internet applications that can flexibly handle higher and lower numbers of users depending on traffic. It’s usually used on web servers.

John Artman has been China watching and covering tech since 2010. Follow him @KnowsNothing.

UPDATE, 1/24, 12:32 pm: GitHub has been unblocked, maybe.