China OSINT: Mass Surveillance Tech
iFlytek (科大讯飞), China's largest voice-recognition company, has been on the U.S. Entity List since 2019 for human-rights violations in Xinjiang. Its ASR technology is significant enough to be tested alongside Google, Amazon, and Alibaba in recent academic security research (USENIX Security 2025). Leaked internal documents now provide the first technical proof of what that surveillance infrastructure actually looks like — and the scale is staggering.
RedRadar obtained and analyzed a trove of leaked internal documents including source code, database schemas, API configurations, and strategic planning materials. What we found removes any remaining ambiguity about iFlytek's role in China's surveillance state.
The smoking gun: the security apparatus as a deployed customer
Intelligence analysts have long suspected iFlytek's involvement with Chinese security services. The leaked documents eliminate any doubt — internal platform operations reports explicitly name 政法 (zhèngfǎ) as a deployed business line for iFlytek's video-analysis capabilities.
For readers unfamiliar with Chinese bureaucratic terminology: 政法 refers to the Political-Legal Committee system (政法委) — the Chinese Communist Party organ that coordinates and controls:
- 公安机关 — Public Security (police / PSB)
- 国家安全机关 — State Security (MSS / intelligence)
- 人民法院 — People's Courts
- 人民检察院 — People's Procuratorate (prosecutors)
This is the entire Party-controlled security and judicial apparatus — not just police, but the full domestic surveillance and social-control infrastructure. This is not inference. It's stated plainly in iFlytek's own internal operations report: their video-surveillance AI is deployed to serve China's security apparatus.
Huawei surveillance integration
Strategic planning documents reveal deep technical integration with Huawei's surveillance infrastructure, and internal issue-tracking logs corroborate active technical work on Huawei systems. These are not theoretical partnerships — they're active work orders showing iFlytek engineers building and maintaining Huawei surveillance-system integrations. Both companies are on the U.S. Entity List.
Surveillance customization isn't a side business. It's the core model.
The strategic planning document contains a revealing admission about resource allocation: the majority of iFlytek's AI research and development services specific client requirements — primarily government security agencies. That single detail reframes everything.
Scale: 270 million monthly voiceprints
Claims about "mass surveillance" in China often lack specificity. The leaked ASE Platform operations report provides exact numbers.
Technical proof: device-fingerprinting source code
Previous reporting on Chinese surveillance has leaned heavily on policy analysis and corporate relationships. The leaked source code provides something different: technical proof of exactly how the data collection works. The fingerprinting pattern appears consistently across multiple service types — speech recognition, text-to-speech, natural language processing. It's not incidental logging. It's systematic collection by design, built into the SDK that developers integrate into their applications.
Database schema: national ID card storage
Database mapping files reveal infrastructure purpose-built for storing Chinese citizen identity documents. The Chinese national ID card (居民身份证) contains extensive personal information: full legal name, photograph, an 18-digit ID number encoding birthdate and region, address, ethnicity, and issuing authority. The schema links this to user accounts via a foreign key, enabling correlation between biometric data — voiceprints, device fingerprints — and verified government-issued identity.
Production credentials: proof of authenticity
How do we know these documents are genuine and not fabricated? The leaked configuration files contain production database credentials with consistent internal naming conventions — the kind of operational detail that a fabrication doesn't reproduce.
The sanctions paradox
iFlytek was added to the U.S. Entity List on October 7, 2019. Yet as of publication, iFlytek consumer products — translation devices, voice recorders, smart pens — remain available on Amazon US and other Western e-commerce platforms, marketed with privacy-focused messaging.
The same company operating population-scale biometric surveillance infrastructure for Chinese public security simultaneously sells consumer electronics to American households. The Entity List designation restricts U.S. companies from exporting technology to iFlytek — it does not prevent iFlytek from selling to U.S. consumers.
This report is an exclusive investigation by the RedRadar Intelligence Team.