The Chinese for-profit company that develops and maintains the popular TaiChi Framework, used by multiple Android applications as well as millions of smartphone users, has been accused of collecting and hoarding user data. Apparently, the framework is closed-source and relies on heavy code obfuscation which might be used to evade detection of malicious intent. Additionally, TaiChi’s Terms and Conditions are claimed to be available majorly in the Chinese language, and users might be accepting a lot more invasion of privacy and data mining than presumed.
TaiChi Framework, developed mainly to use the Xposed module with or without Root/Unlock bootloader, currently supports Android Operating System versions 5 and above. In fact, it is one of the few frameworks to actively support the latest Android 10. The developers claim TaiChi is Xposed-Styled, but it has no relation with Xposed. The only claimed relevance to Xposed is that TaiChi can load Xposed modules. The developers, however, stress that the implementation of TaiChi and the Xposed Framework is very different.
TaiChi Framework Users Are Subjected To Data Mining?
A new and growing thread on XDA-Developers is currently investigating claims of data mining by the TaiChi Framework, which is actively used by Android smartphone users who want to use the Xposed module with or without Root/Unlock bootloader. Simply put, the TaiChi framework, which is used to load Xposed modules, perform multiple software ‘hooks’ and execute a variety of tasks not permitted via the official and legal Android smartphone tools, might be stealing data, claims an XDA-Developer member.
It is important to note that TaiChi (aka EXposed) is developed by a for-profit Chinese commercial software company. It is closed-source, networked and comes with code obfuscation. Simply put, a system-level application has closed, obfuscated code, which means developers writing code or modules that take advantage of the framework cannot take a detailed look inside the same. Since the code is obfuscated, there is no possibility of a third-party or external audit to ensure no data mining or harvesting takes place.
TaiChi Framework is developed and maintained by Shenzhen Dimen Space Network Technology Co., Ltd. While the Xposed Framework on the basis of which TaiChi is developed, is not a commercial production, TaiChi is a commercial product. In other words, the primary purpose of TaiChi or EXposed is to make money or profit.
Some users on XDA-Developers claim TaiChi runs nonstop, requires top permissions to stay in memory, corrupts package manager, and cannot be uninstalled. The only way to get rid of the framework is to execute ‘Factory Reset’, and then gain ROOT Permissions again by Rooting the device. In a preliminary study, Taichi had indicated it could send all the user’s operations to Crashlytics to track the user’s activities, could use fabric, and AppCenter to collect user data or possibly violate privacy. There are also some suspicious links within the framework. There are allegations about the framework remotely controlling software behavior from the cloud, having the ability to read and write files in /data/system without root permission, and bypass system restrictions to read IMEI.
What Are Working Alternatives For TaiChi Aka Exposed Framework?
Although yet to be disproven, the rising suspicions about TaiChi are enough reasons for developers and Android smartphone users to explore working, safe and open-source alternatives. The most obvious choice is the original Xposed Framework. It is being continually updated and is highly popular. There are multiple other alternatives to Xposed as well. Instead of TaiChi, developers and Android OS users can use XPatch or SPatch.
I've received evidence that Taichi has malicious activities. With Magisk's power, it leads to serious consequences. As a result, I have removed Taichi from the repo, and you should do so on your device too.
A good alternative is Riru + Edxposed, both are open source projects.
— John Wu (@topjohnwu) April 16, 2020
Incidentally, TaiChi is being used by Pokemon Go players around the world. Hence, if this application is tracking/spying users or behaving as malware, it needs to be investigated, confirmed, and reported. An XDA-Developer member is currently investigating the claims. He claims TaiChi tried to upload all the operations of the user’s mobile phone to the server, and this is done in the background. Moreover, the Framework must be compulsorily granted Network Permissions, or else it cannot be used.