DOCSLIB.ORG

Privacy and Security Issues in BAT Web Browsers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Privacy and Security Issues in BAT Web Browsers Jeffrey Knockel1,2, Adam Senft2, and Ronald Deibert2 1Dept. of Computer Science, University of New Mexico 2Citizen Lab, Munk School of Global Affairs, University of Toronto Abstract released a free browser: Baidu Browser, UC Browser (de- In this position paper, we summarize our technical analy- veloped by Alibaba-owned UCWeb) and QQ Browser. sis of the security and privacy vulnerabilities in three web All based on the Chromium platform, these browsers of- browsers developed by China’s three biggest web com- fer a set of features not generally offered by browsers like panies: UC Browser, QQ Browser and Baidu Browser; Chrome and Safari, including integration with each com- developed by UCWeb (owned by Alibaba), Tencent and pany’s product suite, built-in torrent support, mouse ges- Baidu, respectively. We found them to consistently con- tures, and compression features aimed at reducing mobile tain sensitive data leaks and remote code execution vul- data usage. nerabilities in their update processes. Despite the mas- The three applications have earned millions of users, sive user bases of these browsers, particularly in China, particularly in China and throughout Asia. QQ Browser there has been limited attention paid to the applications by and UC Browser are amongst the top 5 most used the information security research community. This lack browsers in China, while Baidu Browser falls outside of attention is problematic, as it is known that the inse- of the top ten [22]. UC Browser is the clear leader of cure transmission of personal user data by UC Browser the three internationally, and is by some estimates the has been used by the intelligence community to perform second most popular mobile web browser globally, after surveillance. We conclude by evaluating explanations Chrome [21]. However, despite the significant user bases for why this class of apps has such uniform security and of these applications, as well as the dominant market po- privacy issues, and recommend researchers better en- sitions of their parent companies, there is limited research gage software development companies in developing and into the privacy and security practices they employ. Our newly industrialized economies. research demonstrates that this lack of attention has been problematic. 1 Introduction In this paper, we describe the results of detailed secu- rity analyses of the three browsers, including what user Browsers are ubiquitous across all platforms and hard- data is collected, stored and transmitted by the browsers, ware types, and so the variety of browsers available— what methods are used to secure these transmissions, and particularly on mobile devices—is wide. Although most whether the applications exhibit any vulnerabilities that browsers contain similar features, the manner in which could compromise the privacy and security of user data. they collect and use personal user data may vary widely. In addition, we discuss our responsible disclosure of these This is concerning, as web browsers are used to transmit issues to the three companies. sensitive user data across a broad variety of media and Our main findings are as follows: devices. Each browser collects and transmits significant Nowhere is the market for third-party browsers more amounts of personal user data. All three browsers col- competitive than in China, particularly amongst the coun- lected and transmitted a large number of personal data try’s “Big 3” tech giants. These companies—Baidu, points, including a variety of hardware identifiers, loca- Alibaba, and Tencent, collectively known as “BAT”— tional data, and user web browsing history. operate in China’s highly competitive and dynamic mar- Each browser uses insecure methods to transmit ket, where the absence of companies dominant in western this data. Each application transmitted user data through markets have opened up opportunities in the largest Inter- insecure means, ranging from using easily decrypted net market in the world. The three companies have each symmetric encryption methods to sending user data with- 1 out any encryption. Browser O/S (Edition) Version Each browser has vulnerabilities in the software up- Baidu Browser Windows (C) 7.6.100.2089 date process. At least one version of each browser per- Baidu Browser Windows (I) 43.22.1000.452 formed software updates in a manner which left it vulner- Baidu Browser Android (C) 6.2.18.0 able to an attacker executing arbitrary code. Baidu Browser Android (I) 5.1.0.1 The browsers did not use established, industry- QQ Browser Windows 9.2.5478 standard methods of securing data transmissions. The QQ Browser Android 6.3.0.1920 methods employed to secure the transmission of personal UC Browser Windows (C) 5.5.10106.5 data, where used at all, did not use well-tested implemen- UC Browser Windows (I) 5.5.9936.1231 tations of industry-standard protocols (such as OpenSSL) UC Browser Android (C) 10.9.0.703 and were often home grown. UC Browser Android (C) 7.9.3.103 These results show that these privacy and security con- UC Browser Android (I) 10.9.0.731 cerns are not isolated to any one company, and reflect broader issues with development and security of applica- Table 1: Application versions analyzed; (I) refers to inter- tions popular in China. As a result, we argue that security national edition, (C) refers to Chinese-language edition researchers should focus more attention on these applica- tions, which are used by hundreds of millions of people without significant external scrutiny. There is some prior research on both the leakage of personal data as well as the execution of malicious code in the three browsers. Wu and Chang [25] examined 115 2 Background and Related Work Android web browsers, finding that more than half, in- cluding versions of Baidu and UC Browsers were vul- The application’s developers are the three biggest tech- nerable to attackers gaining access to personal user data nology companies in China, collectively dominating the stored on the device. Similarly, Wu and Chang [26] online search, social media and e-commerce fields [27]. find that Android versions of QQ and Baidu Browsers Baidu’s search engine dominates the Chinese market in are vulnerable to attacks which could compromise pri- the absence of Google, having captured 70% market vate user data. Ma [14] finds that vulnerabilities with UC share and recording over 660 million mobile monthly Browser’s integration of Alibaba’s search engine Shenma search users in March 2016 [2]. Tencent operates two caused the active user sessions for a number of popular of the world’s largest communications platforms, with Chinese social media sites to be cached by the search en- QQ Instant Messenger having 853 million users and mo- gine, allowing anyone to gain access to user accounts. bile messenger WeChat/Weixin having 697 million active Liu and Wang [13] use automated methods to identify monthly users [24]. Alibaba operates a number of the the leakage of personal data in popular Chinese Android largest e-commerce sites in China, including Taobao and apps, confirming Dalek et al.’s earlier findings [5] about TMall, which have over 367 million active shoppers [7]. leakage in UC Browser via a hard-coded AES key. Combined, the companies operate five of China’s top seven most visited websites [1]. 3 Technical Analysis Definitive estimates of the market share of these three browsers are difficult to obtain. Of the three browsers ex- Our analysis includes both Android and Windows ver- amined, UC Browser is by far the most popular, ranking sions of Baidu Browser, QQ Browser, and UC Browser. as the most popular mobile browser in China, India and In total, we examined 11 different versions, as summa- Indonesia [20], and is by some estimates the second most rized in Table 1. popular mobile browser in the world [21]. While some es- We found that each version of the browsers we ana- timates report QQ and Baidu Browsers as the second and lyzed collected personally identifying information such third most popular mobile browsers in China [4], others as hardware serial numbers. Many also transmit loca- put their combined market share at less than 10% [21]. tion information such as GPS coordinates or nearby WiFi The insecure transmission of personal user data and networks, and most track the full URLs of pages viewed, potential for the execution of arbitrary code in these ap- even if the pages were originally retrieved via HTTPS. plications are not merely hypothetical concerns. Docu- We also found that each version of the browser trans- ments leaked by Edward Snowden show that western in- mitted this data via easily decryptable encryption. By telligence agencies had, as far back as 2012, identified this we do not mean that the encryption algorithm used is information leakage vulnerabilities in UC Browser and itself insecure (although in many cases it is). Instead we successfully used them to design an XKeyscore plugin to mean that the encryption is entirely symmetric and uses surveil users of the application [6]. hard-coded keys. Since the algorithms are not asymmet- 2 Browser (O/S) PII Location Activity Data point Type Encryption Baidu Browser (W) X X IMEI PII Easily decryptable Baidu Browser (A) X X X GPS coordinates Location Not encrypted QQ Browser (W) X X In-range WIFI Location Easily decryptable QQ Browser (A) X X X access points UC Browser (W) X X Search terms Activity Not encrypted UC Browser (A) X X Full HTTP(S) Activity Not encrypted URLs Table 2: Whether the latest version of each Chinese- language browser was found to leak a user’s personally Table 4: Data leaks in version 6.2.18.0 of Chinese- identifiable information, location, or browser activity; language Baidu Browser for Android (W) refers to Windows version, (A) refers to Android ver- sion MCBC+MTEA algorithm, and the downloaded binary is Data point Type Encryption only verified using MD5 hashes, not digital signatures.
Recommended publications
  • Publicis Groupe Alibaba Partnership 190617 FINAL

    Publicis Groupe Alibaba Partnership 190617 FINAL

    PUBLICIS GROUPE AND ALIBABA ANNOUNCE CHINA UNI MARKETING PARTNERSHIP Publicis Groupe is the first agency to work with Alibaba in Uni Marketing Paris, 19 June 2017 - Reinforcing the organization’s commitment to leadership in digital, data and technology, PuBlicis Groupe [Euronext Paris: FR0000130577, CAC40] launched today a partnership with Alibaba bringing benefit to the clients of Publicis Media, Publicis Communications and Publicis.Sapient. Alibaba’s Uni Marketing framework is a complete product portfolio powered by data that enables brands to have control of brand building across the Alibaba ecosystem in China. The partnership with Publicis Groupe in China will focus on the following key areas: 1. Harness the power of Uni Desk to generate deeper consumer insights, inform content decisions and enable true precision storytelling Publicis Groupe and Alibaba will collaborate to create data enabled media planning features and functions tailored to client needs under the Uni Desk tool suite. Publicis Groupe specialists will work with Alibaba Uni Desk product teams to create and refine the product offer, especially in data labeling and segmentation methods, dimensions of success metrics and tracking enhancement to best serve brand marketers’ needs. 2. Create in-content innovation with the support of Uni ID data infrastructure. Real-time data driven insights to design and inform locally relevant creative content. Enable customized content Journey across the Alibaba ecosystem, including Tmall, Taobao and beyond e-commerce into Youku, Tudou and UCWeb for Video, Gaode Map and and Sina Weibo for Social. 3. Create unique media and content solutions around key occasions and events. Create marketing solutions around key occasions and events, to transform shopping occasions into meaningful life moments enabled by brand experiences.
  • China's Air Defense Identification System

    China's Air Defense Identification System

    China’s Air Defense Identification System: The Role of PLA Air Surveillance BY MARK STOKES n the wake of the 18th Central Committee's Taiwan as an Indirect Political Target? Third Plenum in November 2013, the People’s Republic of China (PRC) Ministry of The PLA has a history of using airpower I as an instrument of coercive persuasion against National Defense (MND) announced the establishment of its first air defense Taiwan. The PLAAF began flights over the identification zone (ADIZ). The announcement Taiwan Strait in 1996, and extended operations 3 outlined procedures for aircrafts flying within to the centerline in 1999. Public discussion the ADIZ boundaries off China’s eastern coast. regarding establishment of an ADIZ system Citing PRC national defense and civil aviation began at least as early as 2007. At that time, laws, an MND spokesman added “this airspace, Taiwan’s China Times, citing Republic of China demarcated outside the territorial airspace, (ROC; or Taiwan) MND sources, reported allows a country to identify, monitor, control and deliberations underway in China regarding dispose of entering aircraft. It sets aside time for establishment of an ADIZ over the Taiwan Strait. early warning and helps defend the country's Also addressed was a PRC initiative to open a airspace.” He further noted that, “China will new commercial air route along the centerline of establish other air defense identification zones the Taiwan Strait that could hinder ROC Air 4 at an appropriate time after completing Force training and “squeeze” Taiwan’s airspace. preparations.”1 The announcement naturally heightened …other potential drivers may offer tensions within the region.
  • Opera Mini Application for Android

    Opera Mini Application for Android

    Opera Mini Application For Android Wat theologized his eternities goggling deathy, but quick-frozen Mohammed never hammer so unshakably. Fain and neverfringillid headline Tyrone sonever lambently. reapplied his proles! Tracie meows his bibulousness underdevelop someplace, but unrimed Ephrayim This application lies in early on this one knows of applications stored securely for example by that? Viber account to provide only be deactivated since then. Opera Mini is a super lightweight browser that loads web pages faster than what every other browser available. Opera Mini Browser Latest News Photos Videos on Opera. The Opera Mini for Android lets you do everything you any to online without wasting your fireplace plan It's stand fast safe mobile web browser that saves you tons of. Analysis of tomorrow with a few other. The mini application for opera android open multiple devices. Just with our site on a view flash drives against sim swap scammers? Thanks for better alternative software included in multitasking is passionate about how do you can browse, including sms charges may not part of mail and features. Other download option for opera mini Hospedajes Mirta. Activating it for you are you want. Opera mini 16 beta android app has a now released and before downloading the read or full review covering all the features here. It only you sign into your web page title is better your computer. The Opera Mini works the tender as tide original Opera for Android This app update features a similar appearance and functionality but thrive now displays Facebook. With google pixel exclusive skin smoothing makeover tool uses of your computer in total, control a light.
  • V6.0 Free Trial for New Users

    V6.0 Free Trial for New Users

    S V6.0 Free Trial for New Users ○ As a new user, you can scan the QR code to have a free trial of 40 products up to 6 months. The free trial will help you find a way to host your business in the cloud. Scan to Learn More Referral Rewards ○ As an existing user, you can recommend Alibaba Cloud products to your friends and win a rebate up to 15%. You will also have the opportunity to become an Alibaba Cloud advocate and get more rewards, such as a free service package and a ticket to the Cloud Computing Conference. Top 10 advocates of the year can win surprising rewards. Scan to Learn More www.aliyun.com COMPUTING ALIBABA CLOUD 计算 PRODUCTS 5 ABOUT ALIBABA CLOUD Established in 2009, Alibaba Cloud (www.alibabacloud.com), the cloud computing arm of Alibaba Group, is China's largest provider of public cloud services in 2016 by revenue, according to IDC. Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations and government organizations. Alibaba Cloud is the official Cloud Services Partner of the International Olympic Committee. MORE THAN JUST CLOUD COMPUTIN www.aliyun.com COMPUTING Elastic Compute Service (ECS) Elastic Compute Service (ECS), a simple and efficient computing service with elastically scalable processing capabilities, helps you quickly construct more stable and secure applications, enhance O&M efficiency, and reduce IT costs so Scan to you can focus on core business innovation. Learn More Global Data Centers ○ This service has deployed data centers in 14 regions on 4 continents to give you an outstanding product and service experience.
  • The Long Shadow of Chinese Censorship: How the Communist Party’S Media Restrictions Affect News Outlets Around the World

    The Long Shadow of Chinese Censorship: How the Communist Party’S Media Restrictions Affect News Outlets Around the World

    The Long Shadow of Chinese Censorship: How the Communist Party’s Media Restrictions Affect News Outlets Around the World A Report to the Center for International Media Assistance By Sarah Cook October 22, 2013 The Center for International Media Assistance (CIMA), at the National Endowment for Democracy, works to strengthen the support, raise the visibility, and improve the effectiveness of independent media development throughout the world. The Center provides information, builds networks, conducts research, and highlights the indispensable role independent media play in the creation and development of sustainable democracies. An important aspect of CIMA’s work is to research ways to attract additional U.S. private sector interest in and support for international media development. CIMA convenes working groups, discussions, and panels on a variety of topics in the field of media development and assistance. The center also issues reports and recommendations based on working group discussions and other investigations. These reports aim to provide policymakers, as well as donors and practitioners, with ideas for bolstering the effectiveness of media assistance. Don Podesta Interim Senior Director Center for International Media Assistance National Endowment for Democracy 1025 F Street, N.W., 8th Floor Washington, DC 20004 Phone: (202) 378-9700 Fax: (202) 378-9407 Email: [email protected] URL: http://cima.ned.org Design and Layout by Valerie Popper About the Author Sarah Cook Sarah Cook is a senior research analyst for East Asia at Freedom House. She manages the editorial team producing the China Media Bulletin, a biweekly news digest of media freedom developments related to the People’s Republic of China.
  • Media Kit 2021

    Media Kit 2021

    MEDIA KIT 2021 1 SCMP Advertising’s mission is to help brands and partners SCMP Lighthouse to support our clients with purposeful make an impact with readers who want to understand intelligence that delivers more effective and efficient global issues from an Asian perspective. Its principal focus campaigns with better-targeted audiences. At the same is to deliver effective and efficient marketing solutions time, brand safety is a top priority for us and partners can that engage and activate the right audiences and deliver continue to trust our platform with our publisher-built ROI that matters. brand suitability tool in SCMP Signal. Bringing our news business forward into the digital age has We have a well-established foundation of award-winning advanced our mission to lead the global conversation about expertise and creative experience in Morning Studio that China while broadening our international relevance and bridge our clients to success with bespoke global reach. Through our award-winning journalism, we brand-storytelling solutions. The team is committed to cover China and Asia with depth and unparalleled nuance give voice to your brand and take its unique narrative to for nearly 51 million monthly readers globally. What sets us new heights by connecting with audiences through apart is how we connect thought-leading editorial industry-leading digital tools and services. content with brands across print and digital media platforms, develop marketing solutions and run campaigns Our team operates with a conviction to pave new ways for that deliver results. brands to drive growth and ROI in the digital age of news publishing.
  • Tracking Users Across the Web Via TLS Session Resumption

    Tracking Users Across the Web Via TLS Session Resumption

    Tracking Users across the Web via TLS Session Resumption Erik Sy Christian Burkert University of Hamburg University of Hamburg Hannes Federrath Mathias Fischer University of Hamburg University of Hamburg ABSTRACT modes, and browser extensions to restrict tracking practices such as User tracking on the Internet can come in various forms, e.g., via HTTP cookies. Browser fingerprinting got more difficult, as trackers cookies or by fingerprinting web browsers. A technique that got can hardly distinguish the fingerprints of mobile browsers. They are less attention so far is user tracking based on TLS and specifically often not as unique as their counterparts on desktop systems [4, 12]. based on the TLS session resumption mechanism. To the best of Tracking based on IP addresses is restricted because of NAT that our knowledge, we are the first that investigate the applicability of causes users to share public IP addresses and it cannot track devices TLS session resumption for user tracking. For that, we evaluated across different networks. As a result, trackers have an increased the configuration of 48 popular browsers and one million of the interest in additional methods for regaining the visibility on the most popular websites. Moreover, we present a so-called prolon- browsing habits of users. The result is a race of arms between gation attack, which allows extending the tracking period beyond trackers as well as privacy-aware users and browser vendors. the lifetime of the session resumption mechanism. To show that One novel tracking technique could be based on TLS session re- under the observed browser configurations tracking via TLS session sumption, which allows abbreviating TLS handshakes by leveraging resumptions is feasible, we also looked into DNS data to understand key material exchanged in an earlier TLS session.
  • What the Floc?

    What the Floc?

    Security Now! Transcript of Episode #811 Page 1 of 30 Transcript of Episode #811 What the FLoC? Description: This week we briefly, I promise, catch up with ProxyLogon news regarding Windows Defender and the Black Kingdom. We look at Firefox's next release which will be changing its Referer header policy for the better. We look at this week's most recent RCE disaster, a critical vulnerability in the open source MyBB forum software, and China's new CAID (China Anonymization ID). We then conclude by taking a good look at Google's plan to replace tracking with explicit recent browsing history profiling, which is probably the best way to understand FLoC (Federated Learning of Cohorts). And as a special bonus we almost certainly figure out why they named it something so awful. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-811.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-811-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson is here. We've got a new fix for the Microsoft Exchange Server flaw. This one's automatic, thanks to Microsoft. We'll also take a look at some nice new features in Firefox 87. You can get it right now. And then, what the FLoC? We'll take a look at Google's proposal for replacing third-party cookies. Is it better? It's all coming up next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 811, recorded Tuesday, March 23rd, 2021: What the FLoC? It's time for Security Now!, the show where we cover your privacy, your security, your safety online with this guy right here, Steve Gibson from GRC.com.
  • China's Rise in Artificial Intelligence

    China's Rise in Artificial Intelligence

    EQUITY RESEARCH | August 31, 2017 Piyush Mubayi +852-2978-1677 [email protected] Goldman Sachs (Asia) L.L.C. Elsie Cheng +852-2978-0820 [email protected] China's Rise in Goldman Sachs (Asia) L.L.C. Heath P. Terry, CFA +1-212-357-1849 [email protected] Artificial Intelligence Goldman Sachs & Co. LLC The New New China Andrew Tilton For the exclusive use of [email protected] +852-2978-1802 China has emerged as a major global contender in the field of AI, the apex [email protected] technology of the information era. In this report, we set out China’s Goldman Sachs (Asia) L.L.C. ambitious top-down plans, the factors (talent, data and infrastructure) Tina Hou that make China unique and the companies (Baidu, Alibaba and Tencent) +86(21)2401-8694 that are making it happen. We believe the development of an ‘intelligent [email protected] economy’ and ‘intelligent society’ by 2030 in China has the potential to Beijing Gao Hua Securities drive productivity improvement and GDP growth in the next two decades. Company Limited Goldman Sachs does and seeks to do business with companies covered in its research reports. As a result, investors should be aware that the firm may have a conflict of interest that could affect the objectivity of this report. Investors should consider this report as only a single factor in making their investment decision. For Reg AC certification and other important disclosures, see the Disclosure Appendix, or go to www.gs.com/research/hedge.html.
  • Wechat About China's Tencent

    Wechat About China's Tencent

    We Build Connections QQ Weixin For Enterprises: For Users: For Tencent: • Access to vast user base • Always connected • Deepen user stickiness via broadened • Unified user log-in enables CRM and • Enjoy a wide range of integrated social product offerings targeted advertising entertainment and content offerings, built • Increase traffic conversion through • Online payment facilitates transactions upon IPs and tech innovations transactions and advertising • Integrate capabilities across different • Access to rich mix of services and • Tap into new opportunities as the products to facilitate digital upgrades, e.g., transact at fingertips economy digitizes Weixin, WeChat Work, Tencent Meeting WeChat about 2 China’s Tencent Chris Wheldon, co-Portfolio Manager of the Magellan High Conviction strategy, and Ryan Joyce, co-Head of Magellan’s Technology team, explain why Tencent is a high-quality business, why the strategy invested in the company recently, what risks the investment poses and why Tencent performed well during the pandemic’s Chris Wheldon Ryan Joyce initial stages. Tencent is one of the High Conviction Q1. strategy’s top five positions. Can you please tell us about the company? A: Tencent was founded in 1998 as a Chinese instant-messaging service and web portal named QQ and subsequently built itself into a PC-based social network similar to today’s Facebook. In 2011, Tencent launched the WeChat mobile app, now China’s leading social “WeChat’s 1.2 network and communications platform and core to the company’s billion users average success. WeChat’s 1.2 billion users average nearly 100 minutes per day, every day, on the app.
  • What China Reveals About the Future of Shopping by Chris Biggs, Amee Chande, Erica Matthews, Pierre Mercier, Angela Wang, and Linda Zou

    What China Reveals About the Future of Shopping by Chris Biggs, Amee Chande, Erica Matthews, Pierre Mercier, Angela Wang, and Linda Zou

    The New Retail: Lessons from China for the West WHAT CHINA REVEALS ABOUT THE FUTURE OF SHOPPING By Chris Biggs, Amee Chande, Erica Matthews, Pierre Mercier, Angela Wang, and Linda Zou magine being in the middle of Times series on the future of retail, provides an ISquare, surrounded by flashing lights, overview of e-commerce in China today fast-talking vendors, street performers, live and explores some of those key differences. music, noisy traffic jams, and endless other distractions. Now imagine you’re online and surrounded by the same energetic The Digital Revolution Goes chaos. Welcome to China’s digital market- Mobile place, where shopping is an adventure—a When Amazon and e-tailing disrupted US fire hose of rapidly changing content, offers, shopping in the 1990s, retailers and con- products, colors, and choices. For Western sumers alike had to rethink their deeply in- shoppers accustomed to simple, transac- grained habits. By contrast, physical retail tional online buying, it’s a culture shock. in China was less developed. The digital revolution coincided with the growth of China has more e-commerce activity than disposable income and consumption. As a any country in the world today. According result, e-commerce quickly became the to China’s National Bureau of Statistics, norm, and its development was fast-tracked Chinese consumers spent $750 billion on- to the point where China pulled ahead of line in 2016—more than the US and the the West. (See Exhibit 1.) UK combined. That is a jaw-dropping num- ber, but even more interesting is how dif- China is also a pioneer in mobile commerce.
  • China's Quest for Global Primacy: an Analysis of Chinese International

    China's Quest for Global Primacy: an Analysis of Chinese International

    C O R P O R A T I O N TIMOTHY R. HEATH, DEREK GROSSMAN, ASHA CLARK China’s Quest for Global Primacy An Analysis of Chinese International and Defense Strategies to Outcompete the United States For more information on this publication, visit www.rand.org/t/RRA447-1 Library of Congress Cataloging-in-Publication Data is available for this publication. ISBN: 978-1-9774-0615-6 Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2021 RAND Corporation R® is a registered trademark. Cover images: prospective56/iStock/ Getty Images Plus; MF3d/iStock/Getty Images Plus Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. Support RAND Make a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org Preface This research explores possible international and defense strategies that China might employ to outcompete the United States and achieve a position of international primacy.