Chinese researchers crack smartphone app ID via radio signals
Synopsis
Key Takeaways
Researchers at the People's Public Security University of China have developed a technique that can identify which apps a smartphone is running — and what the user is doing — purely by analysing the device's faint electromagnetic emissions, even when the phone is offline, in flight mode, encrypted, or locked. The findings were published in the peer-reviewed journal Radioengineering on 22 May 2026, raising significant questions about the limits of device-level privacy protections worldwide.
How the technique works
The method captures low-frequency electromagnetic radiation that smartphones emit as a natural byproduct of their internal processing. Because the technique requires no access to the phone's operating system, stored data, or network connection, it is described in the paper as a non-contact forensic technique. The researchers framed it as a tool for law enforcement, writing: 'This technical approach can provide objective technical corroboration for evidence reinforcement in digital forensics and non-contact investigations.'
Test results and accuracy
The system was tested on three flagship devices: an Apple iPhone 15 Pro, a Xiaomi 15 Pro, and an Oppo Reno 13. Across these handsets, the model achieved up to 99.07 per cent accuracy in identifying active mobile applications. Apps successfully identified include Douyin, WeChat video calls, Baidu Maps, SMS messaging, browsers, cameras, and cloud storage services.
Why it matters
Conventional digital forensics requires physical or logical access to a device — cracking a passcode, exploiting a vulnerability, or obtaining cloud backups. This technique sidesteps all of those requirements entirely, meaning a target need not hand over a device or even be aware that monitoring is occurring. The implications extend well beyond China: any jurisdiction with access to the necessary signal-capture hardware could, in principle, deploy this approach.
The competitive and regulatory backdrop
The research emerges at a moment of intensifying global debate over smartphone encryption, lawful-access mandates, and the technical arms race between device security and state surveillance capabilities. Major platform vendors — including Apple — have long argued that end-to-end encryption and secure enclaves make device contents inaccessible to third parties. This technique, if operationalised at scale, would represent a fundamentally different attack surface that encryption alone cannot address.
What's next
The paper's publication in a peer-reviewed journal suggests the methodology will face independent scrutiny from the global security research community. Whether device manufacturers can engineer countermeasures — such as electromagnetic shielding or signal-randomisation at the chip level — remains an open question. Privacy advocates and cybersecurity researchers are likely to demand replication studies and push for regulatory guidance on the use of such techniques by law enforcement agencies.