Chinese Authorities Deploy New Tool to Hack and Extract Data from Seized Phones

Chinese authorities have begun using a newly developed malware tool called Massistant to hack into seized mobile phones and extract sensitive data, according to findings by mobile security researchers at Lookout. The tool enables authorities to retrieve messages—including content from encrypted chat apps like Signal—as well as images, location histories, audio files, contacts, and other private information from Android devices.
What is Massistant and How Does It Work?
Massistant is Android-based forensic software developed by Xiamen Meiya Pico, a major Chinese tech company specializing in surveillance and forensics. Lookout's investigation found that Massistant is used in situations where police or security officials physically possess and unlock the target device. It often works in tandem with a specialized hardware tower and desktop computer, making it possible for non-technical personnel to extract large amounts of data quickly and efficiently. Currently, no evidence suggests an iOS version is publicly available, but marketing materials hint at its existence.
Who is at Risk?
The tool’s deployment is reportedly widespread, affecting both Chinese citizens and international visitors. Posts on local Chinese forums document cases where people discovered Massistant installed on their phones following police encounters. Since 2024, Chinese security forces have held legal authority to search through digital devices without a warrant. Travelers crossing Chinese borders face especially high risks, often compelled to unlock their devices for inspection.
How Massistant Impacts Security and Privacy
Unlike many high-profile digital exploits, Massistant does not require sophisticated hacking tactics such as zero-day vulnerabilities. Instead, the process relies on the legal or procedural power to demand physical access and user compliance. Once installed, the tool leaves visible traces—appearing as an app on the device or detectable through forensic inspection with tools like the Android Debug Bridge. However, even if the malware is found and deleted afterwards, the personal data has already been captured by the authorities.
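The check described above, as an added example (not from Lookout or the original article): compare an app inventory saved before travel with one taken after the device is returned, and list packages that are new and were not installed through Google Play. It assumes the owner installs apps only from Google Play and saved a baseline with the same adb command beforehand; the sample inventories and the com.example/org.example package names are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare two app inventories captured with
#   adb shell pm list packages -i
# before and after a device was out of its owner's hands.

# Print "<package> <installer>" for every package in $2 that is absent from $1.
new_packages() {
  awk '
    { sub(/\r$/, "") }                      # older adb output ends lines with CR
    !/^package:/ { next }
    {
      name = $1; sub(/^package:/, "", name)
      inst = "unknown"
      for (i = 2; i <= NF; i++)
        if ($i ~ /^installer=/) inst = substr($i, 11)
      if (FILENAME == ARGV[1]) { seen[name] = 1; next }
      if (!(name in seen)) print name, inst
    }' "$1" "$2"
}

# Keep only new packages that did not come from the Play Store installer
# (assumption: the owner installs apps only from Google Play).
not_from_store() {
  awk '$2 != "com.android.vending"'
}

# Constructed sample inventories; com.example/org.example names are placeholders.
write_samples() {
  cat >"$1/before.txt" <<'EOF'
package:com.android.chrome  installer=com.android.vending
package:com.android.settings  installer=null
EOF
  cat >"$1/after.txt" <<'EOF'
package:com.android.chrome  installer=com.android.vending
package:com.android.settings  installer=null
package:org.example.maps  installer=com.android.vending
package:com.example.unknowntool  installer=null
EOF
}

if [ "${1:-}" = "--device" ]; then
  # Live use: $2 is a baseline saved before travel with the same adb command.
  adb shell pm list packages -i >current.txt
  new_packages "$2" current.txt | not_from_store
else
  tmp=$(mktemp -d) && write_samples "$tmp"
  new_packages "$tmp/before.txt" "$tmp/after.txt" | not_from_store
  rm -rf "$tmp"
fi
```

Run without arguments it processes the constructed sample; with `--device baseline.txt` it queries a connected phone that has USB debugging enabled.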

Market Landscape and Background
Xiamen Meiya Pico, the company behind Massistant and its predecessor MSSocket, controls an estimated 40% of China's digital forensics market and was sanctioned by the U.S. government in 2021 for providing surveillance technology to Chinese authorities. Researchers at Lookout track at least 15 malware families circulating within the broader Chinese surveillance ecosystem. Meiya Pico did not respond to requests for comment.
Deep Founder Analysis
Why it matters
The rise of forensics tools like Massistant signals a critical shift toward hardware-enabled, legally sanctioned device data extraction. For startups—particularly those building privacy, security, or travel tech—this trend demands new attention. The threat environment has expanded beyond remote hacks to include high-assurance, physical-access scenarios. This development challenges the effectiveness of typical app-based encryption, especially when legal frameworks enable authorities to seize and inspect devices at borders or within jurisdictions.
Risks & opportunities
The broad use of Massistant exposes serious privacy risks for both citizens and international business travelers. Companies operating in China or sending employees abroad must prepare for the likelihood of phone data extraction. On the opportunity side, this climate intensifies demand for travel privacy solutions, anti-tampering hardware, and advanced forensics detection tools. Historical parallels include past crackdowns on encrypted communication apps, which spurred adoption of secondary secure-device markets and technical counter-surveillance consulting.
Startup idea or application
One area ripe for innovation is the development of a travel privacy companion app or portable device. Such a solution could warn users about local digital security laws, automate secure data wipe/restore protocols, or alert travelers in real-time when forensic tools are detected on their devices. Startups can also explore secure "border crossing" modes that temporarily remove sensitive data until a device is safely out of high-risk zones—a concept that aligns with enterprise mobile device management but is accessible to independent travelers and small businesses.
What Next?
Users traveling to or within China are advised to be vigilant: avoid carrying unnecessary sensitive data, use temporary devices if possible, and inspect devices for unfamiliar apps afterward. The escalation in state-run device extraction emphasizes the need for fresh innovation in privacy and digital self-defense—an area where founders can make a strategic impact.