Trip to China - safeguarding phone and laptop

Question

I am going to China for a 2 week vacation in a month

1. I will be taking a Google Pixel with a Verizon SIM and using it while there. I assume that if I don't use a local SIM, it would be difficult for someone to put malware on my phone but wanted to confirm if I am right about this

2. Are there instances of people being asked to unlock phones and laptops at the airports in China?

3. I was thinking of taking a Chromebook since that has full disk encryption. I read that it's easier to do a full reset on this than a Windows laptop. I have also read that malware can't be installed through USB on a Chromebook

I would not consider myself to be important to anyone in China and have a very run of the mill job.

I am trying to balance the likelihood of getting malware with convenience which comes from a phone or laptop. Have already signed up for 2 VPNs as well.

Would appreciate any suggestions about this or strategies people use when visiting China.

Answer 1

I flagged this as a duplicate because the elements of your question have been asked many times before; it's nothing personal. The linked thread should give you a good idea of what you're facing with your laptop (Chromebook or not) since it's easy to shoot yourself in the foot with bad OPSEC-- you're competing with the combined might of both corporate espionage and national intelligence agencies. Don't make the same mistakes that guy did, like plugging right back in to the corporate network upon return.

Even if you're "nobody important," don't assume you're not a target. You still have value as a patsy. Your credentials are desirable because if captured, they can allow foreign agents (corporate or government) access to your corporate network, within which they'll exfiltrate anything they can touch. The added bonus is that since you're "nobody important," your company may be unlikely to keep an eye on "your" activity-- unlike a higher-profile employee like a lead engineer, sysadmin or executive.

I assume that if I don't use a local SIM, it would be difficult for someone to put malware on my phone but wanted to confirm if I am right about this

Consider this-- the Chinese government is trying to move to a cashless society by forcing everybody to install WePay on their smartphones. While it serves a purpose (convenient payments), it also makes it so that in order to function at all in society and buy basic goods, you must consent to backdoor/keylog a device critical to your daily operations and have all your transactions monitored remotely.

In practice, it doesn't matter what SIM you use if you end up voluntarily installing government-controlled malware just to pay for McDonald's. That said, plenty of urban centers still take cash, but be wary of the seeming obligation to install random apps to ride the subway, buy things, whatever. Each one compromises your OPSEC.

I was thinking of taking a Chromebook since that has full disk encryption. I read that it's easier to do a full reset on this than a windows laptop. I have also read that malware can't be installed through USB on a Chromebook

FDE doesn't help if your machine is compromised while it's running and unlocked. The government has been known to replace links to Javascript libraries on unencrypted pages with malicious versions at the Great Firewall level. Browse with HTTPS only; there are plugins for this. VPN is also good, assuming you have one that actually works, and assuming it's not leaking DNS queries that get responded to with state-controlled IPs.

Being forced to unlock laptops at the border is largely a US thing. I haven't heard of anybody being forced to do it in China, but even so, what are your options besides refusal or compliance? Refusal will only end one way. FDE just makes it look like you have something to hide, and if in the end you're going to unlock it for them anyway, what was the point?

My opinion- don't bother with FDE. Just travel with clean images on your phone and laptop and assume both are compromised upon return. Change all your passwords and reimage your devices.

Answer 2

1. Your phone is basically a pocket computer that communicates with the world around it in a myriad of ways (wireless networks, blue tooth and cellular network, others?). It communicates using certain standards and protocols, and this will happen in more or less the same way no matter what sim you are using. I see no practical reason why a non-domestic sim should make you either more or less safe in China. If you are at all worried about the security of your phone, my personal choice would be to leave it at home. Instead keep the sim, but use it in a separate phone which has no vital information on it, and which is cheap enough that you can afford to throw it away (or save until your next trip) once you get back from your vacation.

2. I don't know what they might ask you to do at a Chinese airport, but if you follow the advice above, this will not matter anyway, since the phone you carry with you will not contain any sensitive information.

3. No idea. A Chromebook may be a wise choice. Probably better in any case, than bringing your regular PC, which may potentially contain a lot more sensitive information.

---

One more thing: Signing up for VPNs is a good idea, but make sure they will actually work in China. Their "Great Firewall" apparently makes using TOR quite difficult, and also blocks a number of VPN's. A quick google search may provide some insight, or perhaps your VPN providers will have some information of their own, e.g. an FAQ.