MFSocket: A Chinese surveillance tool

Elliot Alderson
7 min readJun 25, 2019

It is well known that China spies on its fellow citizens. In this article I will tell you the story of an Android application called MFSocket, a new monitoring tool made in China. This tool allows the police to extract from the victim’s phone a lot of data such as calendar events, SMS, MMS, videos, contacts, Telegram contacts, …

The Story

On June 21, 2019 Muyi Xiao, a Chinese journalist, posted on Twitter a thread on an Android application called MFSocket. On Chinese social networks people started to report about police checking people’s phones in Beijing and Shanghai and she decided to investigate.

Twitter thread by Muyi Xiao about MFSocket

Indeed by searching ‘MFSocket’ on Google I find this type of report:
- “When the police check the phone, it will be installed for you: Mfsocket”
- “Yesterday, the company asked us to go to the police station, and then the police installed a software called MFsocket. I thought it was monitoring software!”

People reports about MFSocket

In her thread, Muyi mentioned the company behind MFSocket. She found a troubleshoot guide which link the app to a company called Meiya Pico.

Troubleshoot guide for MFSocket made by Meiya Pico

Meiya Pico is not a new player. In two excellent articles, Reuters and the Wall Street Journal exposed them as a Chinese firm who sell forensics products to the Chinese authorities.

Screenshot from the troubleshoot guide

Important info from the troubleshoot guide. The police seems to use Windows to operate the app. Interesting, we will use this info later.

Muyi did a fantastic journalistic job, now it’s time to do my job. Am I able to technically confirm what she found? What are the…

Elliot Alderson

🇫🇷 Hacker. Fight disinformation at Predicta Lab. Not completely schizophrenic. Not related to USANetwork.