Chinese researchers crack smartphone app ID via radio signals

Share:
Audio Loading voice…
Chinese researchers crack smartphone app ID via radio signals

Synopsis

Chinese university researchers have identified smartphone apps with up to 99.07% accuracy using only the device's leaked electromagnetic radiation — no network access, no decryption, no physical contact required — potentially rendering encryption irrelevant as a forensic shield.

Key Takeaways

Researchers at the People's Public Security University of China published a non-contact smartphone forensics technique in Radioengineering on 22 May 2026 .
The method analyses low-frequency electromagnetic emissions to identify active apps, requiring no access to the phone's OS, data, or network connection.
The system achieved up to 99.07% accuracy across an Apple iPhone 15 Pro , Xiaomi 15 Pro , and Oppo Reno 13 .
Apps identified include Douyin , WeChat video calls, Baidu Maps , SMS, browsers, cameras, and cloud storage.
The technique works even when a device is offline, in flight mode, encrypted, or locked.
The research positions the method as a law enforcement forensics tool, raising global privacy and counter-surveillance concerns.

Researchers at the People's Public Security University of China have developed a technique that can identify which apps a smartphone is running — and what the user is doing — purely by analysing the device's faint electromagnetic emissions, even when the phone is offline, in flight mode, encrypted, or locked. The findings were published in the peer-reviewed journal Radioengineering on 22 May 2026, raising significant questions about the limits of device-level privacy protections worldwide.

How the technique works

The method captures low-frequency electromagnetic radiation that smartphones emit as a natural byproduct of their internal processing. Because the technique requires no access to the phone's operating system, stored data, or network connection, it is described in the paper as a non-contact forensic technique. The researchers framed it as a tool for law enforcement, writing: 'This technical approach can provide objective technical corroboration for evidence reinforcement in digital forensics and non-contact investigations.'

Test results and accuracy

The system was tested on three flagship devices: an Apple iPhone 15 Pro, a Xiaomi 15 Pro, and an Oppo Reno 13. Across these handsets, the model achieved up to 99.07 per cent accuracy in identifying active mobile applications. Apps successfully identified include Douyin, WeChat video calls, Baidu Maps, SMS messaging, browsers, cameras, and cloud storage services.

Why it matters

Conventional digital forensics requires physical or logical access to a device — cracking a passcode, exploiting a vulnerability, or obtaining cloud backups. This technique sidesteps all of those requirements entirely, meaning a target need not hand over a device or even be aware that monitoring is occurring. The implications extend well beyond China: any jurisdiction with access to the necessary signal-capture hardware could, in principle, deploy this approach.

The competitive and regulatory backdrop

The research emerges at a moment of intensifying global debate over smartphone encryption, lawful-access mandates, and the technical arms race between device security and state surveillance capabilities. Major platform vendors — including Apple — have long argued that end-to-end encryption and secure enclaves make device contents inaccessible to third parties. This technique, if operationalised at scale, would represent a fundamentally different attack surface that encryption alone cannot address.

What's next

The paper's publication in a peer-reviewed journal suggests the methodology will face independent scrutiny from the global security research community. Whether device manufacturers can engineer countermeasures — such as electromagnetic shielding or signal-randomisation at the chip level — remains an open question. Privacy advocates and cybersecurity researchers are likely to demand replication studies and push for regulatory guidance on the use of such techniques by law enforcement agencies.

Point of View

Secure enclaves, and end-to-end messaging protocols assume the threat comes through the network or the OS — not from the device's own electromagnetic exhaust. The publication by a Chinese public-security university is significant context: it signals institutional interest in operationalising this capability for law enforcement, not merely academic curiosity. Mainstream coverage will focus on the 'China surveillance' angle, but the deeper story is that this attack surface is vendor-agnostic and jurisdiction-neutral — any state actor with the right hardware and the paper's methodology can replicate it, making this a global device-security problem, not a bilateral one.
NationPress
7 Jul 2026

Frequently Asked Questions

What did Chinese researchers discover about smartphone signals?
Researchers at the People's Public Security University of China found that a smartphone's active applications can be identified by analysing the low-frequency electromagnetic radiation the device emits during normal operation. The technique requires no access to the phone itself and works even when the device is offline, encrypted, or in flight mode.
How accurate is this electromagnetic app-detection method?
The system achieved up to 99.07 per cent accuracy in identifying mobile applications across three test devices: an Apple iPhone 15 Pro , a Xiaomi 15 Pro , and an Oppo Reno 13 . Apps detected included Douyin , WeChat video calls, Baidu Maps , SMS, browsers, and cloud storage services.
Does encryption protect against this type of smartphone monitoring?
No — this technique bypasses encryption entirely because it targets the electromagnetic signals emitted by the device's hardware, not its data or network traffic. Standard protections such as end-to-end encryption, passcodes, and flight mode do not prevent the electromagnetic emissions that this method exploits.
Who could use this technology and why does it matter globally?
The research was framed as a law enforcement forensics tool, but the methodology is not geographically restricted. Any actor with appropriate signal-capture hardware and access to the published paper could potentially replicate it, making this a concern for device security worldwide, not just in China.
Can smartphone manufacturers defend against electromagnetic signal leakage?
No confirmed countermeasure exists yet. Potential hardware-level responses — such as electromagnetic shielding or chip-level signal randomisation — remain theoretical. Independent security researchers are expected to attempt replication of the findings, and the broader research community will likely push for manufacturer responses and regulatory guidance.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest 4 weeks ago
  2. 4 weeks ago
  3. 1 month ago
  4. 1 month ago
  5. 1 month ago
  6. 4 months ago
  7. 5 months ago
  8. 8 months ago
Google Prefer NP
On Google