Recent findings by security researchers reveal that Chinese authorities are employing a sophisticated malware known as Massistant to siphon sensitive data from confiscated smartphones. This malicious software can extract a wide range of information, including text messages from secure chat applications like Signal, images, location histories, audio recordings, contacts, and more.
In an exclusive report shared with TechCrunch, the mobile cybersecurity firm Lookout unveiled insights about Massistant, a powerful hacking tool developed by the Chinese technology company Xiamen Meiya Pico.
Massistant, as outlined by Lookout, is an Android application designed for forensic data extraction from mobile devices. This means that authorities must have physical access to the devices in order to use it. While the specific Chinese police agencies utilizing this tool remain unidentified, its widespread use suggests that both Chinese nationals and visitors to China need to be informed about its potential risks.
“This is a significant concern. Anyone traveling in the region should be aware that their devices could be confiscated, and all data on them could be extracted,” Kristina Balaam, a researcher at Lookout who analyzed the malware, told TechCrunch ahead of the report’s publication. “It’s crucial for travelers to understand this threat.”
Balaam discovered numerous posts on local Chinese forums where individuals lamented finding this malware on their devices following police encounters.
“It appears to be quite prevalent, especially based on discussions observed in these Chinese forums,” Balaam noted.
The malware requires installation on an unlocked device and operates in conjunction with a hardware tower linked to a desktop computer, as depicted in a description and images on Xiamen Meiya Pico’s official site.
Lookout was unable to analyze the desktop component, and its researchers did not find a version of the malware that works on Apple devices. However, Xiamen Meiya Pico’s website shows iPhones connected to its forensic hardware, which suggests that an iOS variant of Massistant may exist.
Authorities don’t require advanced techniques to deploy Massistant; as Balaam points out, “people often willingly hand over their phones,” based on reports from users on Chinese forums.
Since at least 2024, China’s state security police have held legal authority to inspect phones and computers without warrants or ongoing criminal investigations.
“If someone passes through a border checkpoint and their device is seized, they must provide access to it,” Balaam explained. “We don’t observe sophisticated exploits from lawful interception tools because they don’t need to resort to them.”

Fortunately, as Balaam points out, Massistant leaves traces of its presence on compromised devices, allowing users to potentially identify and remove the malware. It may appear as a standard app, or it can be detected and removed using more advanced tools like the Android Debug Bridge (adb), a command-line tool that lets a computer communicate with a connected device.
However, the downside is that once Massistant is installed, the damage is already done, and authorities have likely accessed the user’s data.
According to Lookout, Massistant is the successor to a similar mobile forensic tool, also created by Xiamen Meiya Pico, named MSSocket, which security experts analyzed back in 2019.
Xiamen Meiya Pico reportedly commands a 40% share of China’s digital forensics market and was sanctioned by the U.S. government in 2021 for providing its technology to the Chinese government.
The company did not respond to TechCrunch’s request for comment.
Balaam added that Massistant is just one of many spyware or malware solutions created by Chinese surveillance technology firms, describing it as part of a “vast ecosystem.” Researchers are currently tracking at least 15 different malware families operating within China.