BXAQ is a Chinese “police app” that is often installed at border crossings, specifically on the phones of foreigners.

Care53 was engaged to conduct an assessment of the BXAQ mobile application, with the main objective of finding out whether the app violates human rights.

Cure53 carried out a source code audit and a dedicated review of the BXAQ mobile application in late March 2019. The project followed a so-called white-box methodology as much as possible, particularly in the sense that the test-targets entailed decompiled source code of the application.

The European Convention on Human Rights (ECHR) served as a baseline for this project, in that Cure53 set out to determine, through technical reviews and audits, whether communication capabilities and functionality of the BXAQ mobile application can be seen as directly contradicting what the ECHR guarantees.

The technical analysis and review of BXAQ concluded that the concerns expressed were valid. The review found five items from the perspective of potential violations of human rights. The application was found to be capable of collecting and managing vast amounts of very specific data, with certainty that the gathered material can become the basis for further action concerning a specific group (or groups) of citizens.

The full audit and summary of findings can be found below.

BXAQ Analysis and Source Code Audit