Asia Chats: LINE Corporation Responds

On November 14, The Citizen Lab published a report by Senior Security Researcher Seth Hardy revealing regionally-based keyword censorship for users in China in the popular chat application LINE developed by Japanese company, LINE Corporation.

The code analysis in our report was performed on LINE v3.8.5 for Android and the behavior was confirmed on an Android device running v3.9.3 downloaded directly from the Google Play store. We confirmed the presence of censorship functionality going back to v3.4.2, released on January 18 2013.

LINE launched a Chinese-branded version of the app, Lianwo (连我), in December 2012 in partnership with Chinese software company Qihoo 360 Technology Co., Ltd. We found keyword censorship functionality in both LINE and Lianwo. However, it is unclear whether the Lianwo version of LINE has additional functionality or is merely rebranded version for the Chinese market.

LINE recently announced it reached 300 million registered users just four months after announcing a registered user base of 200 million. In the background of this milestone, questions remain regarding how keyword censorship for users in China is managed by LINE and the greater implications of these policies.

A number of media outlets covered our findings including The Next Web, Time Magazine, South China Morning Post, and The Japan Times. In response to media questions on LINE’s censorship functionality, LINE Corporation representatives continually emphasized differences between Lianwo and LINE.

Quoted in The Next Web, a LINE spokesperson drew a “clear line between Lianwo and LINE, emphasizing that the Chinese version of LINE is different from the global version.” Similarly in response to questions from The Japan Times, Hazuki Yamada, the global PR manager for LINE Corporation, stated that Lianwo is “different from global versions of LINE,” noting that non-Lianwo users are unaffected by the keyword censorship. Yamada acknowledged that LINE Corporation “provides services in accordance with the local environment and government regulations of mainland China,” and “there are occasions when keywords found in violation of Chinese laws are not transmitted.” She declined to offer details on how the banned words are selected, but confirmed that the keyword censorship is done on the client-side rather than server side, which accurately reflects our findings.

We sent Hazuki Yamada a set of our own questions on November 26 (see them in full below):

Of the countries that LINE Corporation operates in, has LINE Corporation agreed to abide by local laws that have influenced how the LINE application functions? For example, is LINE Corporation mandated by the Chinese government or any other government to censor keywords or other content in the LINE application?

In this article published in The Next Web, a representative from LINE corporation is described as drawing “a clear line between Lianwo and Line, emphasizing that the Chinese version of LINE is different from the global version.” All of the analysis that we report on was conducted on LINE v3.8.5 for Android (APK MD5: 56c9076d56cc20f618df83eaf97a52dc), and the behaviour was confirmed on an Android device running v3.9.3 downloaded directly from the Google Play store. We found regionally-based censorship functionality in this version of LINE and therefore our findings show that LINE and Lianwo both have keyword censorship functionality. Please clarify if the Lianwo version of LINE has additional functionality or is just a rebranded version for the Chinese market.

Please clarify the relationship between LINE Corporation and Qihoo 360. How does this relationship work in practice for the Chinese market? Is Qihoo 360 involved in any technical development of LINE Corporation’s products?

How are the keyword lists in LINE that are used to trigger keyword filtering for users based in China developed? Who makes the decisions over what specific keywords are included on these lists? Does LINE or Qihoo 360 receive directives from the Chinese government or other third parties regarding what topics or specific keywords should be blocked?

Has LINE Corporation received government requests for user data? If so, please detail what country the request came from, the nature of the request, and LINE Corporation’s response to the request.

Would LINE Corporation consider publishing a transparency report that details the number of government requests the company receives for user data from the LINE application, which country these requests come from and what the response of LINE Corporation was to the requests? Other major technology companies have issued transparency reports including: Google, Microsoft, Yahoo!, Twitter , Apple, and Linkedin.

On November 27, Yamada provided the following reply:

“LINE had to conform to local regulations during its expansion into mainland China, and as a result the Chinese version of LINE, ‘LIANWO,’ was developed. The details of the system are kept private, and there are no plans to release them to the public”.

This response demonstrates a lack of transparency around LINE’s practices in China. Despite not directly responding to our questions, we observe LINE Corporation making changes to how keyword censorship and traffic encryption operate in the latest versions of the application.

Changes to Regionally-based Keyword Censorship

The last update to LINE v3.9.4 in the Google Play store was on November 27. The change log for this version is as follows:

Fixed the bug preventing messages from being displayed when received.
Improved picture quality of Snap Movie clips
Other minor bug fixes

A deeper analysis of LINE v.3.9.4 shows changes to regionally-based keyword censorship functionality. Users who register with a Chinese phone number will continue to have outbound and inbound messages censored if they contain sensitive keywords. In our original analysis we found LINE has an internal keyword list on the APK. If the user’s registered phone number is set a to Chinese number the application will download an additional keyword list from Naver’s server and block transmission of any messages that contain any of those keywords. The downloaded keyword file is stored in the application’s cache directory as cbw.dat. If this list is unavailable, LINE will default to using the internal list of 50 keywords. This internal list has been present in LINE and unchanged since it was added in v3.4.2. In v3.9.4 the internal list has been removed and the application will check for a cache file that the words would have been in and deletes it.

Compare this code snippet from LINE v3.9.3:

private static Pattern g()
{
File localFile = new File(n.b().getApplicationContext().getCacheDir(), “cbw.dat”);
if (!localFile.exists())
try
{
Pattern localPattern2 = getInternalBadWords();
return localPattern2;
}
catch (bwd localbwd2)
{
a(“failed getDefaultWords”, localbwd2);
return null;
}

With this snippet from LINE v3.9.4:

public static void a()
{
File localFile = new File(q.b().getApplicationContext().getCacheDir(), “cbw.dat”);
if (localFile.exists())
localFile.delete();
}

It is unclear what the purpose of removing the internal list is. The same 50 keywords in the internal list were present in the May 2013 finding of 150 banned keywords in Lianwo revealed by a Taiwanese developer who goes by the twitter handle @hirakujira. This keyword list also appears to be an internal file. This analysis was run on Lianwo version 3.6.5 for iOS and the same list was confirmed to be present on Android.

Compare this Base64 encoded and encrypted internal keyword list found by @hirakujira:

To the Base64 encoded and encrypted list we found, which is noticeably smaller since it contains only 50 keywords:

5mxphvUu6sGOrG+Qw8EsqlMmx+kNh11mTfMLXZgNmxLfH4grWErsAEsqw+j34zUbdxDUiitSMr77CBwBdEojcKjIHvdBPtRFduMb5TgvBjbtzmlXHN+UmUsDVmto7rMdCwP6+/AEzLmKB6GsAEs+3Q8xEtejCqdMnuU262feg4m5OrNxlgX3wpifO/+9Q9lm4KzHAhs7ZSGCOZbE2j6wPOTTMA6TXh9G1gA560ZjGNu+tLPJStUd08Kkw+AQvLl3ZSC3CexDT83D+FK1MYAUmfc6BIGh/AalsSszJcLyatT7hRUpeNl0/3i+0z2vtEZxEO6SU4mempEnR9ErjGWLpUIbNdWxFVf32Le1UaLE000+fL0y06lopoFyGIjELHg+dbtmGFRMpxhmZauEFmkIeElCVctonsX1866+c3qXVfDnXZg30BXb9Octrytti5C81/P9M0yDrbtDod2IKX1k39IDrsdqTPUC3+TYyuAOACGnAN/FNkRQmeBbhzpY7Du2+F2fLm8QlFhm2MczaHyj9aDjMfUAEukNDtYi+Jj3MS+h8/F9FW3gMHjneviLWBBe0fRJBbrxRvUKDtvS6vrMO/J2+nxiz/3dBgkG2kXFR6Y9PfV7X0fmBW/ZZLM3MMUk8LMmAJIuhcaiKhaHg4721pXqT7v7U2FmHLLiKJIev4a0lG+bxg9nM2m9IcDRSq7Uca08JefErOSSUOWUoeWhNTtr1dhu07HgbhBaHxdHvurl9Ld+FHiKrJZNbZEnuNK5+xOrmBVemDc8untuB5IhotpDU3yAnZNmvZSDJ00/PH05jOCbf4SgW+rkVOjsgodSpljGar7OBSfGR+hMujN4gay3hHm9Ygg5zN8LlME31CcADlFRCixo0p3b3VxMlAvBHSRItE/B/QwxKsG/IY7y2LCu6wJrctgfPYW/px2ItSOnd4LtztEpCBhQT3/CZbO6c0OLWaDPufjnZYuyEXyA6677+aMcIAA0RpInRMmzwYg7eG4PnuygTgDWhm6mc5C8Raz2teUysHhsIP26WAjdBQ+IPWgRvKLDzgpKaOI+moYqXarkTRBBdtMEOp4d4+sU953rE4i8sWtVHSzpV9sprJ5FgdayGOleKnZoy9GX1l38ey983hX8+LnMsyVKpjw8I9NWCFdknigP9QvAAYaDAqE0g4Y0oD3G1YAikkHCV0Foc8lUww++9XpECxlED7znaF9USMeXV+ZyzRjztUk/kg==

The content of the list relates to domestic Chinese politics, human rights, and sensitive political events–many of which are rather obscure and only mentioned in media known for being critical of the Communist Party of China (see first 50 entries in this translated keyword list). A number of these keywords relate to lightly reported incidents that did not go viral, which raises questions as to why they were included. The fact that some of these censored incidents are not high profile seems to indicate that they have been added by LINE as a pre-emptive, preventative measure or could potentially have been intended for testing and not production use. Thus, the internal list may have been removed because these keywords no longer merit inclusion.

Lianwo has not been updated since release of our report and still contains the 50 keyword internal file. Lianwo reports the same versions and capabilities as LINE v3.9.3 but the files (code and non-code) do not have matching MD5s. Therefore, there are differences between LINE v3.9.3 and Lianwo but the nature and extent of these differences are unknown.

While there are subtle differences between the latest versions of LINE and Lianwo, both clients continue to actively censor keywords for users registered to Chinese phone numbers, which further calls into questions the responses made by LINE Corporation.

Our LINE Region Code Encrypter Tool is still able to change regions in the LINE / Lianwo client to disable regionally-based keyword censorship in the application (interface now available in Chinese 中文).

Changes to Traffic Encryption

Since conducting our original analysis we also observe changes to how LINE encrypts traffic. Our analysis of the LINE communication protocol was conducted in September 2013 on v3.8.5. These tests found that communications were not encrypted over 3G connections, but were encrypted over WiFi. We have tested each subsequent release since v3.8.5 and found that v3.9.2 was still unencrypted over 3G with traffic visible to 119.235.235.91 on port 5000. However, since v3.9.3 released on October 2, 2013, it appears that traffic is encrypted over HTTPs going only to 119.235.235.91 (a LINE server that application activity is routed to). The latest version of Lianwo is also encrypted over 3G.

In the changelog for LINE v3.9.3 there is no mention of encryption of traffic over 3G connections.

Added a setting that prevents users not on your friends list from sending you messages.
Added the “Snap Movie” function which allows you to add BGM to short videos and send them to your friends
Increased the length of voice messages to 30 minutes.
Other minor bug fixes

The change to HTTPs over 3G is a welcome improvement to the application, but it is curious why LINE Corporation did not openly publicize this change nor explain why it was not implemented earlier.

Conclusion

As LINE continues to spread globally, pressures to conform to local regulations and government requests for user data are likely to increase. Other leading technology companies have tried to address these pressures and provide information to their users through transparency reports and dialogue in bodies such as the Global Network Initiative. We encourage LINE Corporation to avoid opaque statements on its business practices, better inform users of changes to security and privacy features, develop better and more transparent reporting of any government requests to censor or monitor communications on their products, and to join these progressive industry dialogues.