4

A lot of people will bring disposable hardware (laptops, phones) on business trips to China, e.g. Employee laptops in China.

Considering that most of that hardware was manufactured there, what is the added risk? I.e. why do we trust a computer that was born in China but not the one that went there later?

vektor

2 Answers

4

Because they had to be subtle when they bugged all the hardware in the world, the same as we had to be subtle when we bugged all the operating systems in the world, for fear of being caught.

But when they have physical control of a specific targeted machine, then they can be much less subtle.

Graham Hill
2

Well, first, some gear designed & made in China by Chinese OEMs is, for all practical purposes, actually barred for import and use in important roles by U.S. companies and gov agencies. Namely, U.S. tech infrastructure companies have been, uh, strongly dissuaded from buying network equipment from Huawei by intelligence agencies and the Department of Homeland Security. (In Congressional testimony, officials have strongly implied that at least in one case they've actually found well-concealed, security-subverting design elements in a product in-the-wild. No details, of course.) So tech designed and/or made in China isn't totally, completely without scrutiny & suspicion.

But, of course, if we're talking about what proportion of our personal electronic devices have parts made or assembled by sub-contractors in China, well, yeah, they're basically ubiquitous. However...

Second, for those devices general contractors and OEMs are theoretically able & willing to routinely sample and inspect the elements that their Chinese-based contractors are making and verify that they are to specifications. (Where those specifications have been closely-designed, with all functionality understood.) Even if usually more for purposes of quality assurance than security. Does that always happen with the production of every sub-contracted-out element? [insert lots of derisive laughter here] And, of course, you also have all those devices where the top OEM actually is Chinese (Lenovo, etc.), or where the real-OEM-under-the-logo-OEM is (Foxconn, etc.).

Which leads us to the last, but actually significant consideration:

Third, infecting with malware (or bugging with hardware) the computing devices of targeted Westerners who visit China and then sorting through the information generated as a result is a much, much, much less imposing task than attempting, in a much less targeted way, to (1) slip maliciously-redesigned hardware elements into tens or hundreds of millions of consumer devices destined for the West; (2) exfiltrate, collect, and sort through the information produced by them for any actual intelligence of value; and (3) do all that without causing huge new international diplomatic blow-ups when the espionage modifications were inevitably detected. Incidents that probably would result in many fewer electronic things being made or assembled in China.

In other words, we trust that the Chinese state knows it wouldn't be in its interest to broadly bug the electronics stuff that China gets a lot of economic benefit exporting to us.

That being said, if I were CEO of, say, a $100 billion American tech company with super-valuable intellectual property, would I hesitate a bit to use a laptop with a motherboard assembled in a Chinese factory dedicated specifically to producing electronics for luxury products eventually destined for use by foreign business executives? Well...

mostlyinformed