MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes

Original Article ↗ Hacker News Discussion ↗

Distrust of Chinese software and user workarounds

  • Many commenters say they treat Chinese-made apps (especially games/emulators) as inherently untrustworthy and only run them in strong isolation: separate machines, VMs, separate phones, guest Wi‑Fi/VLANs, or Android work profiles (GrapheneOS profiles, Shelter, Samsung Secure Folder).
  • Some extend this to all proprietary software (“you really have to put everything in a box nowadays”), not just Chinese, due to pervasive analytics and network access.

China vs. Western companies and governments

  • One camp argues Chinese tech giants “have no sense of user privacy” and depend on aggressive data collection; this incident reinforces that view and a stereotype of “no ethics.”
  • Others push back that Western companies also monetize data heavily (e.g., SoundCloud sharing with hundreds of “partners,” normal SaaS analytics), and that focusing only on China is selective outrage.
  • Debate over which is worse: an adversarial foreign government vs. one’s own “three-letter agencies.” Several EU and US commenters say they view both US and China as adversarial regarding data.
  • Some highlight legal differences: EU–US mechanisms like Privacy Shield (imperfect) vs. the belief that similar arrangements with China are impossible to enforce.

Surveillance, evidence, and paranoia

  • Heated subthread about whether apps “listen” via microphones for ad targeting. Skeptics note lack of network evidence and risk of unfalsifiable conspiracy theories; others cite anecdotal experiences and the difficulty of monitoring encrypted, OS‑level behavior.
  • Broader worry about opaque hardware/firmware (Intel ME, PSP, TrustZone) making high‑assurance detection of nation‑state spyware extremely hard.

Anti‑cheat and gaming angle

  • Many see MuMu’s recurring 17-command scan as an anti‑cheat / anti‑piracy mechanism (ps aux, installed apps, etc.), consistent with Chinese Android emulators used for competitive games.
  • Still, commenters stress that periodic system-wide reconnaissance, and especially logging its results, is “security 101” bad practice and creates a serious local compromise risk.
  • General disgust with kernel-level anti‑cheat and disk‑scanning launchers (Chinese and Western), arguing the business model that depends on invasive client-side surveillance should not be acceptable.

macOS, sandboxing, and tooling

  • Surprise that macOS allows this kind of behavior despite Apple’s privacy marketing; criticism that app sandboxing is opt‑in and not truly “privacy focused.”
  • Suggestions: report MuMu to Apple for potential malware classification; use VMs (including UTM), work profiles, and tools like Little Snitch/fsevents to observe and contain such apps.

Motives, open source, and legality

  • Some invoke Hanlon’s razor: this might be incompetently implemented anti‑cheat rather than a state plot, though the sophistication and cadence look “very sketchy.”
  • One commenter notes MuMu’s own privacy policy explicitly mentions collecting process lists and app info to detect cheating.
  • Brief discussion that open-sourcing alone doesn’t solve the problem without control over the distributed binaries.
  • A few call for strong criminal penalties (including for executives) for spyware-like behavior.

Meta and geopolitics

  • Side discussion on “mainland China” terminology devolves into Taiwan/PRC/ROC status explanations.
  • A few are wary of the original report itself (brand-new accounts, LLM-like writing) but others find the behavior entirely plausible given the ecosystem.