TaiChi Framework To Use Xposed Modules Is Sending A Lot Of Data Back To Chinese Parent Company Warns XDA-Developers

The Chinese for-profit company that develops and maintains the popular TaiChi Framework, used by multiple Android applications as well as millions of smartphone users, has been accused of collecting and hoarding user data. Apparently, the framework is closed-source and relies on heavy code obfuscation, which might be used to keep malicious intent from being detected. Additionally, TaiChi’s Terms and Conditions are claimed to be available mainly in Chinese, so users might be accepting far more invasion of privacy and data mining than they presume.

TaiChi Framework, developed mainly to use Xposed modules with or without root or an unlocked bootloader, currently supports Android versions 5 and above. In fact, it is one of the few frameworks to actively support the latest Android 10. The developers claim TaiChi is Xposed-styled but has no relation to Xposed. The only claimed relevance to Xposed is that TaiChi can load Xposed modules. The developers, however, stress that the implementations of TaiChi and the Xposed Framework are very different.

TaiChi Framework Users Are Subjected To Data Mining?

A new and growing thread on XDA-Developers is currently investigating claims of data mining by the TaiChi Framework, which is actively used by Android smartphone users who want to use Xposed modules with or without root or an unlocked bootloader. Simply put, the TaiChi framework, which is used to load Xposed modules, perform multiple software ‘hooks’ and execute a variety of tasks not permitted via the official and legal Android smartphone tools, might be stealing data, claims an XDA-Developers member.

It is important to note that TaiChi (aka EXposed) is developed by a for-profit Chinese commercial software company. It is closed-source, networked and comes with code obfuscation. Simply put, it is a system-level application with closed, obfuscated code, which means developers writing code or modules that take advantage of the framework cannot take a detailed look inside it. Since the code is obfuscated, there is no possibility of a third-party or external audit to ensure no data mining or harvesting takes place.

TaiChi Framework is developed and maintained by Shenzhen Dimen Space Network Technology Co., Ltd. While the Xposed Framework, on the basis of which TaiChi is developed, is not a commercial product, TaiChi is. In other words, the primary purpose of TaiChi or EXposed is to make money or profit.

Some users on XDA-Developers claim TaiChi runs nonstop, requires top permissions to stay in memory, corrupts the package manager, and cannot be uninstalled. According to them, the only way to get rid of the framework is to perform a factory reset and then root the device again to regain root permissions. A preliminary study indicated that TaiChi could send all the user’s operations to Crashlytics to track the user’s activities, and could use Fabric and AppCenter to collect user data or possibly violate privacy. There are also some suspicious links within the framework. There are allegations that the framework remotely controls software behavior from the cloud, can read and write files in /data/system without root permission, and bypasses system restrictions to read the IMEI.

What Are Working Alternatives For TaiChi Aka Exposed Framework?

Although they are yet to be disproven, the rising suspicions about TaiChi are reason enough for developers and Android smartphone users to explore working, safe and open-source alternatives. The most obvious choice is the original Xposed Framework. It is being continually updated and is highly popular. There are multiple other alternatives to Xposed as well. Instead of TaiChi, developers and Android OS users can use XPatch or SPatch.

https://twitter.com/topjohnwu/status/1250656889467138048

Incidentally, TaiChi is being used by Pokemon Go players around the world. Hence, if this application is tracking or spying on users or behaving as malware, it needs to be investigated, confirmed, and reported. An XDA-Developers member is currently investigating the claims. He claims TaiChi tried to upload all the operations of the user’s mobile phone to the server, and that this is done in the background. Moreover, the framework must be granted network permissions, or else it cannot be used.

ABOUT THE AUTHOR

Alap Naik Desai



Comments

    majic Sep 20, 2020

    First of all, getting rid of TaiChi is very easy. I don't know where the claim came from that one must factory reset; it's simply false. Even if you use the TaiChi Magisk module it's easy to uninstall. 2nd: The terms are in Chinese but I screenshotted and translated them, and nothing in there gave permission for them to data mine me. It did say they aren't responsible if the data gets stolen and leaked, which is slightly concerning, but the terms first should have been translated before making accusations. 3rd: It's true TaiChi is closed source, and you can take it as you will; closed source doesn't automatically equal bad.
    tiann, the developer, at the very least did provide his reasons for not wanting to release the code. This is his quote: “I’ve open-sourced a lot of code, but i don’t think open source is more safe than closed source from a higher perspective. I create VirtualXposed, but it is abused finally. Many apps integrates the code, using the magic power provided by me and making malicious actions. They can obfuscate the source code and inject target apps, hook the functions, but you don’t know it at all. As far as i know, some famous apps in China already do this. Open-source, especially for apps like taichi, may cause more harm. In addition, I open sourced VirtualXposed, but there are still many guys criticize it is malicious. No matter what you do, there are always people saying you are malicious, selfish and so on. I am writing code to please myself, not satisfying someone else”
    His English might be broken but he's essentially saying he released code before and it got abused. Now look, all this being said, I'm not saying TaiChi is safe or that the dev is telling the truth; we don't know. It's a risk, but Xposed also causes many problems TaiChi doesn’t.
    I use TaiChi accepting that risk because Xposed was driving me insane but I still want my modules. I can tell you that I can confirm that TaiChi was making unencrypted connections to China, so very well this data mining may all be true, or it could just be caused by downloading modules through the app; no way to tell, but appsnitch did report those connections. At least my findings are actual findings though. The XDA article is all speculation.

    Billy The Mountain Oct 30, 2020

    Thanks for this. You must have been the person who wrote on the XDA forum…. I have followed your lead. Tired of problems with edxposed. Installed TaiChi, revoked permissions, and blocked it with afwall+ from the internet…..