Hacker News

MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes

170 points by interpidused today at 1:28 AM | 71 comments

Comments

michaellee8 today at 2:52 AM

I only run software from Chinese companies inside a sandbox, either on my Android/iOS phone or inside a VM for desktop apps and only enable necessary permissions. Unfortunately Mainland tech giants have no sense of user privacy and would like to maximize their profit by collecting every single bit of your data because they don't profit on selling you the software, they profit on selling your data.

pibaker today at 3:10 AM

Shit like this is what makes me wary about Chinese-made video games proliferating in the west. You never know if your kid's Genshin Impact or Black Myth: Wukong is listening to you and siphoning all data on your local network to China.

A competent Western administration would have banned it all years ago. But instead of securing the future of Western civilization, they want detente and cheap plastic goods instead. Shrug.

altairprime today at 4:32 AM

This is why I run educational software (and VMware’s edusoft remote VM client) in native Mac VMs. Not surprised to see someone trying to abuse data harvesting from another country, too. Perhaps a report to Apple Security might be in order, to let them evaluate whether it’s an RCE/CNC scenario (we only have the telemetry detected so far!) and whether it deserves a malware kill worldwide. Though I’m surprised it’s allowed to access all those properties without a Permissions dialog. Maybe this will inspire Apple to finally let us deny Discord its system-wide data collection activity!

ps. UTM.app is a nice way to sandbox Discord, since it’s using the OS-level sandbox already in a way that prevents us from limiting it further with a .sb file. Takes some extra space, I suppose.

phantomathkg today at 3:40 AM

This only reinforces the image, software/hardware from China and no ethics. They will do whatever they can to get hold of their users' info.

raincole today at 5:17 AM

Every time a Chinese company does something like this, the comment section is always "but the US companies..." or the slightly softened version "but all tech companies..." It's so predictable.

supersing today at 4:17 AM

It still surprises me that such behavior is still allowed on modern macOS, which is supposed to be privacy focused. What’s the point of having an app sandbox when it is opt-in?

jimmydoe today at 3:49 AM

This is ugly and bad.

Meanwhile they do tell you they collect everything

https://www.mumuplayer.com/privacy-policy.html

Not to defend them, but just feel sad about the world.

ra today at 4:44 AM

Years ago everyone used a personal firewall called "Little Snitch" that would make this behaviour visible. Do we trust OS-supplied security too much?

1vuio0pswjnm7 today at 3:21 AM

If it was open source then one could remove the reconnaissance

blahgeek today at 3:29 AM

I would always refer to Hanlon's razor on things like this: Never attribute to malice that which is adequately explained by stupidity. I'm not trying to find excuses for them, just saying that most likely there's no deep conspiracy theory involving government-level surveillance here, they are just stupid. On average, Chinese software engineers are less educated and have no sense about privacy or how to implement privacy-related features properly.

ziml77 today at 4:40 AM

I'm a little wary of believing this without confirmation. It certainly sounds like something an app from a big Chinese company might do, but the LLM writing style with em-dashes replaced by double hyphens looked like someone trying to hide that they use an LLM. And I noticed that the account for the Gist submission is only 3 hours old. And then looking here the account on HN is also only 3 hours old. Seems a little sketchy to me.
