Cybersecurity Researchers Expose China’s Massistant Mobile Forensics Tool
Cybersecurity experts have uncovered details about a mobile forensics tool known as Massistant, used by Chinese law enforcement to extract data from confiscated smartphones.
Believed to be the successor to MFSocket, Massistant is developed by SDIC Intelligence Xiamen Information Co., Ltd.—formerly Meiya Pico—a Chinese firm specializing in digital forensics and network security solutions.
According to a report from Lookout, Massistant operates in tandem with desktop software to access a wide range of data from mobile devices, including GPS locations, SMS messages, photos, audio files, contacts, and call records.
Security researcher Kristina Balaam noted that Meiya Pico has established partnerships with both domestic and international law enforcement agencies, not only as a provider of surveillance tools but also as a trainer for police personnel.
Massistant requires physical access to the target phone for installation, making it suitable for use during border inspections or police checkpoints. Once installed, the app prompts the user to grant various permissions and then operates silently, displaying a warning if the user tries to exit.
Lookout analyzed samples of Massistant collected between mid-2019 and early 2023, all of which were signed using an Android certificate referencing Meiya Pico. Like its predecessor, Massistant must be connected to a desktop system to extract data, but it improves upon MFSocket by supporting ADB (Android Debug Bridge) over Wi-Fi and enabling the download of additional files.
The tool can also harvest data from third-party messaging apps, including Telegram, Signal, and Letstalk, a Taiwanese chat app with over 100,000 Android downloads.
Although Lookout’s findings focus on Android, images on their site show iPhones linked to forensic hardware, suggesting an iOS-compatible version may exist. Patents filed by the company also point to tools capable of extracting evidence from both Android and iOS devices, including biometric data such as voiceprints—a feature touted for its use in police investigations.
Meiya Pico’s role in state surveillance is longstanding. In 2017, The Wall Street Journal reported its involvement in scanning phones for extremist content in Ürümqi, the capital of Xinjiang. In 2021, the U.S. Department of the Treasury sanctioned the company for supporting biometric surveillance and the targeting of Uyghur Muslims and other minority groups in the region.
“Traveling in China comes with the risk that mobile data could be legally intercepted by police,” Lookout warned.
This revelation follows Lookout’s earlier discovery of EagleMsgSpy, another spyware tool allegedly used by Chinese police for widespread data collection under lawful surveillance programs.
