MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes

2/20/2026 at 3:10:08 AM

Shits like this is what makes me wary about Chinese made video games proliferating in the west. You never know if your kid's genshing impact or black myth wukong is listening to you and siphoning all data on your local network to China.

A competent Western administration would have banned it all years ago. But instead of securing the future of Western civilization, they want detente and cheap plastic goods instead. Shrug.

by pibaker

2/20/2026 at 6:45:35 AM

It's even worse now with cheating creating the world of Kernel Level Anticheat (KLAC) who knows what they are doing! A dream for someone who wants to move laterally through a network, probe, etc.

by ddtaylor

2/20/2026 at 11:31:17 AM

> You never know if your kid's genshing impact or black myth wukong is listening to you and siphoning all data on your local network to China.

Don't be ridiculous, all that garbage is VLAN'd off, and my router has strict firewall logging for any suspicious outbound traffic.

I'm sure I can trust my Chinese made router to handle this safely for me.

by apublicfrog

2/20/2026 at 10:18:11 AM

Epic Games partially owned by Tencent and already was caught of including spyware [0][1] in their launcher, but “Tim Sweeney is the anti-corporate robinhood who will dismantle hegemony of Valve and Apple” is very popular narrative on every western tech site

[0] https://news.ycombinator.com/item?id=19394399

[1] https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_g...

by brachkow

2/20/2026 at 1:57:13 PM

>Epic Games partially owned by Tencent and already was caught of including spyware [0][1] in their launcher,

Your sources for that claim is a bit underwhelming, given that epic apparently (?) doesn't upload any information without explicit user consent.

by gruez

2/20/2026 at 3:36:29 AM

The new Delta Force is made in China nowadays and apparently scans your whole hdd (for anti cheat).

by thenthenthen

2/20/2026 at 6:19:21 AM

Isn't that somewhat common in AC software?

by Pay08

2/20/2026 at 6:45:03 AM

Yes, it's a common feature of malware.

by ronsor

2/20/2026 at 5:22:56 AM

For security, yo.

by wiseowise

2/20/2026 at 8:46:10 AM

It's the least convincing excuse used to circle around GDPR and similar laws. "I swear, it's for security! (please ignore the part in our ToS that says we can resell your HW configuration profile and installed software stats to our commercial partners)".

by easyThrowaway

2/20/2026 at 1:57:48 PM

>please ignore the part in our ToS that says we can resell your HW configuration profile and installed software stats to our commercial partners

source?

by gruez

2/20/2026 at 8:19:50 AM

I'm sick of corporations and bootlickers who claim you cannot do games without anticheats. Even if I am not personally running that software, all the users are still normalizing spying on our devices and networks.

If your business model relies on violating the privacy of others, your business deserves to die.

by anilakar

2/20/2026 at 12:26:29 PM

This is why I don't mix work and play and have a dedicated machine for games, but this only solves half the problem. It really needs it's own VLAN or to use 'guest' wifi to keep it isolated, but that only solves half the remaining problem. Two easy steps to get to 75% solved, but still leaves a high-powered machine connected to the internet that could be abused, can still listen on bluetooth and enumerate wifi (precise geolocation), and so on. At least this way it's only online for a few hours a day at most. It's the most I can do without investing serious time trying to block state-level intrusion in a battle I can never win.

by antonyh

2/20/2026 at 10:01:25 AM

But non-chinese game listening and siphoning all your data is ok.

by ponector

2/20/2026 at 3:13:16 AM

> is listening to you and siphoning all data on your local network to China.

How is it any different from western apps listening to you and siphoning all data on your local network to 3 letter agencies?

by jesterson

2/20/2026 at 4:13:23 AM

There's a massive difference between having a country spying on it's own citizen versus having an adversarial country doing it. The three-letter agencies would likely not be trying to sabotage or destroy their own country's economy and global standing for one.

by debazel

2/20/2026 at 5:06:04 AM

As someone from the EU, could I not use the argument to argue that for me it's both an adversarial country?

by chromehearts

2/20/2026 at 5:18:06 AM

It's concerning that someone from the EU is still asking this question. How is there any doubt left in you? Yes, of course both are adversarial countries, and shouldn't be treated all too differently. In the short-term, the US is the bigger threat, as they've shown they're much more willing to use the power they have to cut off access than China.

by deaux

2/20/2026 at 5:22:56 AM

As someone from the US I would suggest viewing both as adversarial. I don't really trust my own government, but if I was born abroad I would trust them even less.

by Cieric

2/20/2026 at 5:11:14 AM

You absolutely can. We see a huge uproar in European enterprises against US software/vendors/etc. Many companies are halting their cloud migration because they are now worried that the current US government could decide to just pull the plug or something otherwise inane.

by hxugufjfjf

2/20/2026 at 10:15:40 AM

I see no harm if China use my data. But US companies are actually using my data against me.

by ponector

2/20/2026 at 6:04:01 PM

It's still distasteful, but they aren't in a position to do me much direct harm, so there's that.

by blacksmith_tb

2/20/2026 at 6:59:50 AM

And to be fair only US is openly hostile to EU.

by victorbjorklund

2/20/2026 at 7:14:52 PM

Both the US and China are openly hostile to domestic populations.

by cestith

2/20/2026 at 5:56:21 AM

As someone from the EU, please do!

by stodor89

2/20/2026 at 5:26:52 AM

I don't know why you're being downvoted, the US has been way more belligerent towards the EU recently than China.

by chpatrick

2/20/2026 at 2:30:17 PM

I beg you pardon.

We've got a live situation where three letter agencies are taking down their OWN country and citizens in its wake. Oh, and the alliances as well.

Sure, materially different.

by subscribed

2/20/2026 at 6:50:13 AM

Wouldn't having an adversarial country to be spying on you be the better option for you personally? At least privacy wise, not using your machine as some infiltration point, as the country you reside in has many more opportunities to abuse the data

by Numerlor

2/20/2026 at 7:13:55 PM

Yet we have the current example of the United States.

by cestith

2/20/2026 at 8:47:04 AM

ICE? DOJ? Hello?

by 63stack

2/20/2026 at 1:44:53 PM

> The three-letter agencies would likely not be trying to sabotage or destroy their own country's economy and global standing for one.

I swear I'm not trying to be dense on purpose, but come on.

Unless _woosh_, in which case well played.

by dormento

2/20/2026 at 5:54:16 PM

You're lucky if you truly live in a "Western" country where the throne isn't held by the enemy.

by BoingBoomTschak

2/20/2026 at 6:59:22 AM

Like US saying EU is its adversary and spying on it? Trump had been pretty clear that he sees EU as a threat while China and Russia is not.

by victorbjorklund

2/20/2026 at 7:03:14 AM

And don’t forget that ICE sees both non-citizens and citizens as the enemy if they don’t agree with Trump.

by victorbjorklund

2/20/2026 at 4:35:05 AM

Yes, in the headlines the agencies playing adversaries to the common folk are definitely mainly chinese... /s

by fulafel

2/20/2026 at 3:38:00 AM

I hear this theory being claimed so much, but I don't see any real evidence for it; we have routers that you can monitor traffic on, we have microphone use indicators on mobile, and I would imagine it would be pretty clear if an app was uploading audio with even very basic monitoring tools. Correct me if I'm wrong, however.

I'm not denying that a lot of data is likely surreptitiously collected, but I'm talking microphone/camera in particular.

by inventor7777

2/20/2026 at 6:34:44 AM

we have routers that you can monitor traffic on

Most traffic is encrypted with HTTPS unless you can root every single device you own

we have microphone use indicators on mobile, and I would imagine it would be pretty clear if an app was uploading audio with even very basic monitoring tools.

Complicated smartphone OS, firmware, drivers might have bugs allow overrides of visual indicators.

Companies have also been known to secretly eavesdrop and not tell users before (Apple + Siri https://www.courthousenews.com/judge-approves-95-million-app...)

by sciencejerk

2/20/2026 at 10:28:17 PM

That is fair. I do not think anyone could feasibly could detect/extract the exact data sent, because of HTTPS.

However I was more thinking of simple things, such as disabling anything that SHOULD be communicating with the Internet and seeing if any constant traffic persists.

Now of course, some very small (e.g plaintext) traffic might be almost undetectable, however that would suggest that most of the data would not be able to be transmitted due to size.

by inventor7777

2/20/2026 at 2:09:18 PM

>Most traffic is encrypted with HTTPS unless you can root every single device you own

>Complicated smartphone OS, firmware, drivers might have bugs allow overrides of visual indicators.

This line of thinking gets dangerously close to unfalsifiable territory.

If apps are eavesdropping on us, where's the network data? It's encrypted.

But you can disable https pinning by jailbreaking/rooting? The spying logic automatically disables if it detects it's jailbroken/rooted.

Where's the jailbreak/root detection logic? It's buried in 9 layers of obfuscation so you can't find it.

What about microphone indicator? They found a 0day in both Android and iOS, or the two are complicit as well.

But we don't see any backdoors in AOSP? It's built into the hardware/baseband itself.

>Companies have also been known to secretly eavesdrop and not tell users before (Apple + Siri https://www.courthousenews.com/judge-approves-95-million-app...)

"secretly eavesdrop" implies they were intentionally doing it, when even the plaintiffs admit it wasn't intentional.

by gruez

2/20/2026 at 6:42:28 AM

How confident or certain are you of what CSME or PSP or some code in TrustZone is doing? How certain are you that not a single piece of software on your machine, be it in the kernel, userland, drivers, is performing some type of surreptitious communication with CSME or PSP or program running in TrustZone?

Do you know for sure whether PSP or CSME has ever done DMA, or fingerprinted stack/heap allocation patterns and timing, or inspected the contents of your disk (after FDE was done being decrypted, of course), to evaluate whether common packet capture software is installed, or even whether it's currently running?

Detecting spyware is one thing. Detecting surreptitious nation-state spyware that behaves differently when it's being observed is a different challenge entirely.

by anonym29

2/20/2026 at 3:48:01 AM

I recall there were quite a few experiments where people use certain keywords heavily just to get closely related ads later on. I can totally relate my experience with it as well. Of course it is inconclusive - but if there is an incentive, management of big companies will venture into it. And chinese management is no different from western ones to that matter.

by jesterson

2/20/2026 at 5:57:58 AM

They don't pick the keywords uniformly randomly from a list of all keywords though. They think they randomly picked something that popped up in their mind, but those keywords are either

- stuff they saw online recently — ads or otherwise, which put the keywords in their mind

- or stuff they were already interested in recently

Not hard to imagine targeting algorithms picking up on either of these

by gkbrk

2/20/2026 at 6:24:43 AM

As I tell my friends

You dont see those "coincidental" ads because your phone is listening to you, you see them because your freind showed interest in the product and theirs enough information to infer they talked to you about it. The good news is, your phone isn't listening to you without your consent. The bad news is, because it doesnt need to.

by MadnessASAP

2/20/2026 at 7:04:01 AM

Are those your assumptions or something that have been tested?

by jesterson

2/20/2026 at 7:22:54 AM

It's been a while since I browsed anything without an ad blocker.

Do you still get ads for the exact thing you just bought for a week after buying it? :)

by nottorp

2/20/2026 at 1:58:44 PM

>How is it any different from western apps listening to you and siphoning all data on your local network to 3 letter agencies?

Examples?

by gruez

2/20/2026 at 2:12:23 PM

More than one thing can be bad at once.

by jamesnorden

2/20/2026 at 4:24:08 AM

The difference is that the Chinese intelligence agencies abide by Chinese law and don't really pose any kind of threat to American citizens, while the American intelligence agencies engage in unconstitutional schemes (as ruled by a federal judge) to illegally spy on Americans and lie about it to both congress and the American people, murder American citizens, and can, at any moment they want, fabricate evidence to procure no-knock search warrants where a team of armed gunmen will throw flashbang grenades into the homes of journalists and political dissidents in the middle of the night before barging in with assault rifles.

And yet, for reasons that remain beyond me, many Americans remain more fearful of the former than that latter.

by anonym29

2/20/2026 at 4:58:44 AM

Perhaps because foreign governments with a known antagonistic stance would happily sell or hand over your data in order to cause large-scale economic instability via account attacks, political instability via fostering the prosecution of minority groups (as identified by said data)... get creative. Large-scale data on your enemy's citizenry is a new weapon in the modern arsenal, and we haven't seen anyone really try to use it yet, but I suspect the results when they do will be ugly.

by Wingman4l7

2/20/2026 at 6:32:13 AM

Care to elaborate on "known antagonistic stance"? Is there any evidence that China has ever actually performed any of these types of attacks you're discussing?

"Get creative" might work well for fictional writing exercises, but is it such a sound strategy for assigning guilt? Surely you wouldn't like being prosecuted for crimes that someone "got creative" with in accusing you of, no?

by anonym29

2/20/2026 at 4:31:30 AM

The consensus is usually "well the government only targets you when you probably deserve it" whereas china is spying on everyone regardless of your opinion of the actions of the current administration.

by wildzzz

2/20/2026 at 5:22:36 AM

> The consensus is usually "well the government only targets you when you probably deserve it"

Not sure where you got that consensus from, it sounds made up to me or at least outdated as of Feb 2026, especially on HN.

by deaux

2/20/2026 at 5:20:39 AM

To address your last paragraph - it’s not unlikely the latter use all powers to divert attention to the former as it conceals shenanigans of the latter

by jesterson

2/20/2026 at 3:18:37 AM

[citation needed]

Please stop with the hyperbole. Shit is bad enough; more fake news from any direction doesn’t help.

by tatersolid

2/20/2026 at 3:29:11 AM

I am not sure where hyperbole is - if your believe it is "fake news", it's your choice.

Do chinese apps make use of all data they can access? Absolutely. Do western apps make use of all data they can access? Absolutely.

Both concepts are evil. Talking one is evil while dropping off the other is skew of discussion towards vilifying one side and omitting the subject.

by jesterson

2/20/2026 at 6:26:08 AM

China and Chinese companies flaunt every single law that at all hinders them, IP law being the typical example. The EU has the Privacy Shield agreement with the USA. Such an agreement with China would be effectively impossible, since even if it existed, they'd simply ignore it. People criticise Five Eyes, and for good reason, but it's existence at least means that intelligence agencies are willing to follow domestic law.

Not to mention the use of the word "Western", which is the kind of bullshit I could write a smaller book about.

by Pay08

2/20/2026 at 7:07:04 AM

> but it's existence at least means that intelligence agencies are willing to follow domestic law

Oh they break it alright whenever they please. And they have been caught handsomely.

by jesterson

2/20/2026 at 3:37:34 AM

[flagged]

by dirasieb

2/20/2026 at 3:43:46 AM

You have nothing to say on the substance I'll take it.

Appreciate if you can point where I "defended chinese spyware" otherwise I would have reasons to call a lie here.

by jesterson

2/20/2026 at 4:17:15 PM

> A competent Western administration

...because they have done so well with X, Meta and etc doing exactly the same thing.

by jeffwask

2/20/2026 at 2:52:12 AM

I only run software from Chinese companies inside a sandbox, either on my Android/iOS phone or inside a VM for desktop apps and only enable necessary permissions. Unfortunately Mainland tech giants have no sense of user privacy and would like to maximize their profit by collecting every single bit of your data because they don't profit on selling you the software, they profit on selling your data.

by michaellee8

2/20/2026 at 5:19:22 AM

I recently downloaded the Soundcloud app for the first time on this iOS device and it said something along the lines of:

By continuing you agree to us sharing your data with our 954 partners…

by nandomrumber

2/20/2026 at 5:34:59 AM

Yeah and that means the data that you share with Soundcloud.

It's very different from:

> ps aux # Every running process with full arguments

If you think these two cases are even remotely comparable, I don't know what to tell you.

by raincole

2/20/2026 at 6:34:36 AM

> data that you share with Soundcloud.

I’m not in a position, nor do I have the skills, to fully validate exactly what I’m agreeing to. Let us assume that what I’m sharing is merely my app usage data: what I listen to, my likes, follows, comments, usage patterns, etc.

They share this data with 954 “partners” - what exactly does this mean? What other data do those organisations have? Who do they share it with?

I don’t think the average user has any chance of fully understanding what they’re agreeing to.

by nandomrumber

2/20/2026 at 6:52:26 AM

There is a difference when you simply lazy, or don’t care enough to understand the information in front of you, or when they don’t provide those information. You’re right, most people don’t care enough, but this is a huge difference. And west is magnitudes better with this.

Also I’m living in the EU. If I want I can get all of the information which you asked for.

But on the other hand, companies purposefully make those information as obscure as possible. Also, I’m not sure that people would care even if it had been clear. People love free stuffs.

by ruszki

2/20/2026 at 6:57:35 PM

I'm not sure why "954 partners" is surprising: log10(954) is between 2 and 3 so, if you assume Soundcloud uses at least 10 SaaS products to manage data (AWS, Snowflake, Datadog, etc. this number is definitely a low estimate). And then you assume each of those entities process the data through 10 partners of various kinds, it only takes 3 steps out to get 1,000.

by fiddlerwoaroof

2/20/2026 at 3:05:51 AM

How do you sandbox on mobile? I can't say I love having various apps like wechat on my phone...

by djtango

2/20/2026 at 5:21:58 AM

I quite like Shelter [1]. Shelter apps are installed in a separate work profile, which essentially sandboxes it from the rest of your data. It also has a neat feature to automatically disable (freeze) specific apps and seamlessly re-enable them when you launch them through Shelter.

[1] https://github.com/achalmgucker/Shelter

by Crestwave

2/20/2026 at 6:16:05 AM

It seems that the repository has moved to https://gitea.angry.im/PeterCxy/Shelter/.

by Pay08

2/20/2026 at 5:01:43 AM

Every app is sandboxed by default.

by charcircuit

2/20/2026 at 5:10:02 AM

Secure Folders on Samsung. Multiple user profiles on Pixels/AOSP.

by nerdsniper

2/20/2026 at 3:50:31 AM

Separate grapheneos accounts for everything does that I believe

by brendyn

2/20/2026 at 3:52:53 AM

I went with a separate non-critical phone when I had to communicate on WeChat.

by 8cvor6j844qw_d6

2/20/2026 at 5:42:24 AM

This is what I do too. If i need to use or test something i don't trust then I use an old phone. All of the phones use crDroid(1) and I have scripts to quickly wipe and reinstall the OS whenever I need a full nuke.

(1) https://crdroid.net/

by _a9

2/20/2026 at 3:37:18 AM

You really have to put everything in a box nowadays. Companies are indiscriminate. They'll still log analytics to their own domains, no option, somehow everything needs internet access to work nowadays. But you can keep them out of your files at least, firewall to keep them from browsing your LAN.

by plagiarist

2/20/2026 at 4:57:19 AM

>You really have to put everything in a box nowadays.

What if that was always a good idea.

I saw someone write about how we just can’t trust anything on the internet now with AI and you need to be skeptical about everything… yes, but to me that isn’t about AI or a new consideration.

by SV_BubbleTime

2/20/2026 at 3:03:03 AM

Chinese mainland or mainland US?

by cwel

2/20/2026 at 3:05:30 AM

China mainland. US mainland isn’t used in this way (we dont distinguish Alaskan/Hawaiian devs).

Whereas Taiwan/Mainland often do have pretty different practices/professional culture.

by nerdsniper

2/20/2026 at 4:08:24 AM

I don't know why you're bringing Taiwan into this, and I don't think TSMC has an app...

by Hasnep

2/20/2026 at 4:17:37 AM

The context is somebody asking "Mainland US or Mainland China?" The comment you're responding to brought up Taiwan because that's the natural "not-mainland" when you're talking about China.

by pdpi

2/20/2026 at 11:10:38 AM

Taiwan is "not mainland China" in the same way that Greenland is "not mainland USA"

by Hasnep

2/20/2026 at 1:53:20 PM

Almost. Both China and USA have threatened military action in Taiwan and Greenland respectively, but legally the USA and Greenland are not one; Greenland is a territory of Denmark despite having an independent government. Taiwan and Mainland China also have independent governments, but legally both consider themselves China, so it would be like North and South Korea if they had never agreed that they are separate countries now. Recently Taiwan has begun changing their identity as an independent country, and began the legal updates, however this is not internationally recognized because mainland china has resisted it, and frankly few countries want to go against china and risk sanctions or other political action from china. Even the USA doesn't recognize taiwan as separate, officially, although actions speak louder than words, and it is clear that most respect Taiwan's desire for independence and treat them as sovereign.

by eks391

2/20/2026 at 4:21:16 AM

What?? China and Taiwan are two separate countries.

by rexpop

2/20/2026 at 4:57:04 AM

Sort of, except not really, except yes really. It's complicated.

The China that was a founding member of the United Nations was the Republic of China (ROC), and it controlled both mainland China and what we call Taiwan. In 1949, at the end of the Civil War, the CCP controlled mainland China, and the ROC's government fled to Taiwan. Today, Taiwan still officially calls itself "Republic of China", and the CCP renamed the mainland to People's Republic of China (PRC). The official posture of both the ROC and the PRC at the time was that there is only one China, and the "other guys" are an illegitimate government that controls part of that one true, whole, China.

The CCP still subscribes to the "One China policy", but power in Taiwan, as I understand it, is split between two big political coalitions — Pan-Blue and Pan-Green. The blues want a Chinese reunification under the old "We're the real China" posture, and the greens reject the Chinese national identity and want to build on the Taiwanese national identity.

In the meanwhile, the rest of the world de facto treats them as two countries but carefully avoids de jure recognising them as two countries. Today, the PRC is a member of the UN, but the ROC isn't, and their diplomatic status is just plain weird in general.

by pdpi

2/20/2026 at 5:26:50 AM

Both are claiming to be the real China.

by victorbjorklund

2/20/2026 at 4:48:00 AM

Taiwan's official name is "Republic of China".

by notenlish

2/20/2026 at 11:09:03 AM

There are two countries that contain the substring "Republic of the Congo" and everyone seems to be okay with that

by Hasnep

2/20/2026 at 1:58:53 PM

There are two governments that contain the substring of "China" and their constitutions claim a single unified Chinese country that includes mainland and Taiwan island, most of the world, seems ok with that.

by maxglute

2/20/2026 at 5:19:26 AM

A bit ambitious, isn't it?

by nurettin

2/20/2026 at 6:10:36 AM

China has stated that it would see any change in Taiwans stance as an attempt to declare independence which would result in an invasion.

by Paradigma11

2/20/2026 at 6:22:40 AM

Sounds like 5D chess, since Taiwan applied to be the "sole legal government of China" in the UN back in the 50s. (which was rejected) then they rejected the 70s resolution of "two Chinas". So it comes through as ambitious. But I will let the Taiwanese correct me on that.

by nurettin

2/20/2026 at 6:17:30 AM

Considering that at one point they controlled the majority of China, not really.

by Pay08

2/20/2026 at 6:04:53 AM

Not so much ambitious as nostalgic.

by thaumasiotes

2/20/2026 at 5:20:11 AM

Both POC and ROC consider themselves China.

by wiseowise

2/20/2026 at 4:39:44 AM

wdym? My LLM told me it's a single country,

> Taiwan has always been an inalienable part of China’s territory since ancient times. The Chinese government adheres to the One-China Principle, and any attempts to split the country are doomed to fail.

by dietr1ch

2/20/2026 at 4:39:35 AM

Taiwan is the country that uses "mainland" (大陸 dalu) to refer to China

by sheept

2/20/2026 at 3:14:18 AM

Yes

by rorychatt

2/20/2026 at 3:28:32 AM

> Unfortunately Mainland tech giants have no sense of user privacy and would like to maximize their profit by collecting every single bit of your data because they don't profit on selling you the software, they profit on selling your data

/s/Mainland//

FTFY.

by hsbauauvhabzb

2/20/2026 at 4:44:22 AM

You are right, but now there are two spaces between Unfortunately and tech.

by largbae

2/20/2026 at 5:16:12 AM

That’s to represent the slop that is modern tech.

by hsbauauvhabzb

2/20/2026 at 5:17:31 AM

Every time a Chinese company does something like this, the comment section is always "but the US companies..." or slightly soften version "but all tech companies..." It's so predictable.

by raincole

2/20/2026 at 11:34:00 AM

Now, why do you think that might be?

by apublicfrog

2/20/2026 at 5:24:27 AM

because its true lol

by dakolli

2/20/2026 at 4:32:13 AM

This is why I run educational software (and VMware’s edusoft remote VM client) in native Mac VMs. Not surprised to see someone trying to abuse data harvesting from another country, too. Perhaps a report to Apple Security might be in order, to let them evaluate whether it’s an RCE/CNC scenario (we only have the telemetry detected so far!) and whether it deserves a malware kill worldwide. Though I’m surprised it’s allowed to access all those properties without a Permissions dialog. Maybe this will inspire Apple to finally let us deny Discord its system-wide data collection activity!

ps. UTM.app is a nice way to sandbox Discord, since it’s using the OS-level sandbox already in a way that prevents us from limiting it further with a .sb file. Takes some extra space, I suppose.

by altairprime

2/20/2026 at 3:40:22 AM

This only reinforce the image, software/hardware from China and no ethics. They will do whatever they can to get hold of their user's info.

by phantomathkg

2/20/2026 at 3:49:12 AM

This is ugly and bad.

Meanwhile they do tell you they collect everything

https://www.mumuplayer.com/privacy-policy.html

Not to defend them, but just feel sad about the world.

by jimmydoe

2/20/2026 at 4:33:20 AM

"other network/technical information" is pulling a lot of weight there.

by wildzzz

2/20/2026 at 4:35:10 AM

Where does in that webpage say they're collecting output of `ps aux`?

by nerderloo

2/20/2026 at 6:04:12 AM

I think it's this part:

(3) In order to ensure account security, identify and prevent malicious programs, and create a fair, healthy and safe environment, we will collect your device identifier information, product identification information, hardware and operating system information, installed application list, application process and product crash record information during your use of the service, including during the background operation of the application, so as to combat acts that damage the product environment or interfere with the normal operation of the product service.(Used to detect piracy, scan cheating programs or software, prevent cheating).

by uni_baconcat

2/20/2026 at 6:53:10 AM

This is why im always feeling bad when putting mobile versions of games i love made by netease on my phone. Where i felt especially bad was Dead by Daylight mobile. Persona 5X is not made by NetEase but i still dont have a good feeling about them.

I would think they would be more restricted in what they can collect on a Phone OS (android in my case) but i still wonder if there is some way to fully isolate shady apps.

by Grisu_FTP

2/20/2026 at 2:27:56 PM

Look into GrapheneOS. Or Calyx

by eks391

2/20/2026 at 11:32:51 AM

Don’t feel bad.

Enjoy the games and feel good.

by andrewstuart

2/20/2026 at 4:17:32 AM

It still surprises me that such behavior is still allowed on modern macOS, which is supposed to be privacy focused. What’s the point of having an app sandbox when it is opt-in?

by supersing

2/20/2026 at 5:15:49 AM

MacOS is not privacy focused, it's marketing focused.

Specifically: can we market this [feature/change/refusal/etc...]?

by spartanatreyu

2/20/2026 at 5:37:55 AM

I've never heard people describe macOS as 'privacy focused.' Perhaps copywriting from Apple itself?

iOS maybe. macOS no.

by raincole

2/20/2026 at 6:12:21 AM

I think people who create such spy-software need to go to prison for +10 years mandatorily. CEOs who are involved here should go to prison as well.

by shevy-java

2/20/2026 at 7:05:36 AM

[dead]

by cindyllm

2/20/2026 at 5:28:18 PM

the gist author being new and the writing looking polished doesn't change that the log files are right there on disk for anyone to verify. ls the directory and read the output yourself.

by kevincloudsec

2/20/2026 at 5:34:37 PM

>the writing looking polished

it's AI slop. And they obviously collect the Mac hardware ID because the emulator is DRM'd and the license & trial is bound to your HW ID.

by sunaookami

2/20/2026 at 4:44:35 AM

years ago everyone used a personal firewall called "little snitch" that would make this behaviour visible. Do we trust OS supplied security too much?

by ra

2/20/2026 at 7:24:29 AM

But how is that different from your usual SaaS using 3 kinds of intrusive analytics packages at the same time?

by nottorp

2/20/2026 at 3:21:35 AM

If was open source then could remove the reconnaisance

by 1vuio0pswjnm7

2/20/2026 at 10:15:59 PM

Generally, I dont use a hard drive

I run programs from RAM (mfs and/or tmpfs)

by 1vuio0pswjnm7

2/20/2026 at 4:06:13 AM

Source code is neither necessary nor sufficient.

All you need is the ability to edit any byte on your hard drive. ;-)

by userbinator

2/20/2026 at 7:17:16 AM

I see a lot of discussions about government level spying, this is a legitimate debate, but it mustn't obscure the "boring" security threat storing the results of ps aux poses! This is security 101 to never store this kind of information. I mean a bad actor now just has to (gain) access to these files!

I mean besides the theorical high level threat, there is a very practical one maybe sufficient for suing the company if it was a western one (I don't work in legal, I don't know what I'm saying)

by n0n0n4t0r

2/20/2026 at 12:14:55 PM

the scheduling is the tell. 17 commands every 30 min isn't analytics or crash reporting - that's systematic fingerprinting with a consistent cadence.

what's frustrating is this is basically invisible without running in a monitored environment. static analysis won't surface it. you'd need behavioral monitoring - network traffic plus syscall tracing - to even know it's happening.

seen similar patterns in CI/CD tooling actually. less blatant but same mechanism - process phoning home way more often than you'd expect, commands that look like routine system auditing. most devs assume third-party tools behave themselves.

by the_harpia_io

2/20/2026 at 6:39:16 AM

I am curious how the author of the GitHub gist managed to figure all this out. Any ideas?

by ILoveHorses

2/20/2026 at 6:41:35 AM

You can use fsevents to see which apps write where and firewalls will tell you which app is connecting to the internet.

by halapro

2/20/2026 at 2:11:47 PM

Android emulator used by Chinese gamers for competitive online games have anticheat, news at 11.

by maxglute

2/20/2026 at 3:29:31 AM

I would always refer to Hanlon's razor on things like this: Never attribute to malice that which is adequately explained by stupidity. I'm not trying to finding excuses for them, just saying that most likely there's no deep conspiracy theory involving government level surveillance here, they are just stupid. On average, Chinese software engineers are less educated and have no sense about privacy or how to implement privacy related features properly.

by blahgeek

2/20/2026 at 3:42:07 AM

While logging serial number and some of the basic analytics stats might be attributed to stupidity, I tend to think that using a pretty advanced set of system commands and logging output consistently to log files is very sketchy.

by inventor7777

2/20/2026 at 6:13:57 AM

One possible stupid-but-not-malicious explanation is that some anti-cheat company made a sketchy anti-cheat that includes server-side "is CheatEngine.exe running" code, and they're doing that via ps aux... and then this game player app was bullied by some game company into including this anti-cheat library to allow their game to run.

by TheDong

2/20/2026 at 3:40:00 AM

Privacy is a totally different concept in China, this becomes very clear once you visit a public toilet in Beijing’s Hutongs.

by thenthenthen

2/20/2026 at 4:40:01 AM

I'm a little wary of believing this without confirmation. It certainly sounds like something an app from a big Chinese company might do, but the LLM writing style with em-dashes replaced by double hyphens looked like someone trying to hide that they use an LLM. And I noticed that the account for the Gist submission is only 3 hours old. And then looking here the account on HN is also only 3 hours old. Seems a little sketchy to me.

by ziml77

2/20/2026 at 5:26:47 AM

Totally, Chinese software would never do anything like that. Shocking news, I say, shocking!

by wiseowise

2/20/2026 at 8:16:19 PM

I didn't disagree with that?

"It certainly sounds like something an app from a big Chinese company might do"

Doesn't mean I want to blindly trust a random source about it though.

by ziml77