Millions of eyes and ears. How Chinese electric cars and devices threaten Ukraine and the West

This material was prepared in cooperation of Militarnyi and the international information and analytical community Resurgam. The author, Kateryna Vodzinska, is an expert at the Resurgam analytical center on issues related to Southeast Asia and China.

Electric cars and smart devices are not just consumer technologies, but sensor platforms that aggregate and transmit large amounts of data. This can include geolocation and routes, telematics, network metadata, and sometimes audio or video. Some of this information can be used for navigation, security systems, personalization, and technical support.

But the volume and repeated collection make these devices points of constant surveillance. In times of peace and war, these information flows take on a security dimension. Even incomplete and scattered fragments collected from various sources can be combined to create an accurate map of the movements, connections, and operating modes of critical infrastructure.

Chinese technologies — from BYD and Zeekr electric cars to Xiaomi smartphones and DJI drones — are widespread throughout the world. But their presence in the global market is not just about China’s desire to make a profit. China gains much more — information that becomes a weapon in the geopolitical struggle.

China’s big data policy and its control over technology

The Chinese state has created legal and technological means to maximize control over all data collected by technology companies.

PRC legislation, such as the 2017 National Intelligence Law, dictates that any organization or citizen must “support, assist, and cooperate” with intelligence agencies. This means that all data collected by Chinese companies, whether from search engines, mobile apps, smartphones, or electric vehicles, must be provided to the Chinese government upon request. Additional cybersecurity and data security laws were also passed in 2021, significantly increasing the state’s access to business information.

In the Chinese model, business is controlled by the state, and no corporation can deny the authorities access to its servers or databases. Chinese law even allows the government to require manufacturers to install hidden technical “backdoors” (special channels of invisible access) in equipment or software.

Importantly, Chinese tech giants are not independent. If necessary, Beijing can force them to disclose any information they collect.

Even more alarming is that we do not know exactly what information Chinese-made “smart” devices collect and where that information ends up. For example, as revealed by a cybersecurity study conducted in Lithuania, popular Xiaomi smartphones have hidden content censorship features and transmit encrypted data to remote servers. According to the manufacturer, these servers are located in Singapore, but the company is not sure who actually receives this data.

This is one of many ways in which household devices can collect data arrays without our knowledge. Cameras on smartphones, sensors on smart watches, and components used in car navigation systems can track users, and sensitive information about users can be obtained.

We do not know exactly what data Chinese devices can transmit and where. But it is clear that all this information will become the property of the Chinese government if necessary.

Potential military use

Today, collecting and analyzing vast amounts of data about the enemy is vital to supporting modern warfare. This includes absolutely everything, from the health of the population to the movement of military supplies. Whoever does this much faster or with better results in terms of decision-making will win.

To win this race, China is spending heavily on artificial intelligence, supercomputers, and data center infrastructure. “Intelligent warfare,” adopted by the Chinese army as a concept, is the widespread use of AI, automation, big data analysis, and so on in military operations.

Under the policy of military-civilian integration (the so-called merging of the military and civilian spheres), the PRC’s security forces have access to the latest developments in the private sector. According to this logic, any such data collected by so-called “civilian” devices will be used for military intelligence purposes. New electric cars or drones are equipped with dozens of sensors, cameras, lidars, GPS, and microphones that constantly scan the environment.

If a number of these devices are on the road or near a large number of significant elements of another country, they may inadvertently collect intelligence data. For example, an electric car observes everything that happens on its way from point A to point B while moving, including the movement of convoys of equipment, the location of infrastructure, checkpoints, etc.

GPS data from smartphones can indicate patrol routes or troop movements. Smartwatch metrics can reflect disease outbreaks or stress levels in society. Everything from social media posts to surveillance camera footage can, when processed by artificial intelligence, reveal a country’s vulnerabilities.

China has already shown an appetite for foreign data. The theft of American personal and corporate data has been linked to hackers from China more than from anywhere else in the world, as former FBI Director Christopher Wray has described.

AI-based analytics can incorporate traffic signals, population internet usage, and other factors to identify (in real time) “hot spots” or anomalies. At first glance, what appears to be everyday user behavior becomes a strategic advantage in an operational environment controlled by hostile intelligence.

China is focusing not only on aggregating data within Chinese ecosystems, but also on expanding its control and access to data through acquisitions of foreign firms and through investments and mergers in more sensitive sectors.

This is why the West is paying increasing attention not only to the technology itself, but also to the extent to which a transaction provides potential access to personal profiles, geodata, network connections, behavioral patterns, and user metadata.

A case in point is the American dating app Grindr, which was acquired by the Chinese company Beijing Kunlun Tech. Eight former employees confirmed that engineers in Beijing had access to a database of 27 million users, including HIV status, real-time geolocation, and private messages. After reviewing the case, the Committee on Foreign Investment in the United States (CFIUS) deemed it a threat to national security and ordered the company to sell the app.

Another example is in the social media space. In November 2017, China’s ByteDance acquired the American platform Musical.ly for $1 billion, merging it with TikTok in August 2018. With over 170 million American users and over 1 billion globally, TikTok has amassed the largest behavioral data set in the West.

A leak of ByteDance’s internal records in June 2022 confirmed that engineers in China had repeatedly accessed American user data. After five years of regulatory wrangling, in December 2025, ByteDance signed an agreement to transfer control of its US business to a new joint venture, which will be controlled primarily by US investors.

Western restrictions on Chinese technology

Due to the nature of the threat posed by Chinese technology, Western countries have taken preventive measures. The US and its allies are also restricting the participation of Chinese companies in critical areas.

One example is the ban on Huawei and ZTE telecommunications equipment in the development of 5G networks. The US, UK, Australia, Japan, and other countries have banned these suppliers from accessing 5G networks due to fears of hidden “backdoors” and espionage. The UK plans to remove all Huawei equipment from its telecommunications infrastructure by 2027. Germany has also begun to assess its dependence on Chinese supplies in its mobile networks and is gradually removing them.

The restrictions do not only apply to 5G. Drones are also subject to scrutiny, as are smart cars. For example, drone manufacturer DJI is on the US national security blacklist.

In 2024, the US Congress passed a resolution that effectively banned the import of new drone models from China. In response, US lawmakers described the widespread appearance of Chinese drones in the air as a “counterintelligence nightmare.” In addition, the US banned surveillance equipment from companies including Hikvision, Dahua, and other Chinese manufacturers.

Other countries are implementing similar tactics. For example, Israel, after an internal review, completely banned Chinese cars from entering military bases. In 2025, the Israeli Defense Forces seized about 700 Chinese service vehicles issued to officers because these vehicles collected data on military movements and sent it to an external server. Israel feared that this data could end up in Iran via China.

Other countries are also tightening restrictions on Chinese technology. Lithuania has officially ordered its citizens to get rid of Chinese smartphones due to the discovery of censorship and data transfer functions in various locations abroad.

Canada, Australia, and a number of European countries have imposed bans on the use of Chinese equipment in the energy, transport, financial, and public sectors.

Western countries are finally beginning to understand that even “smart” and peaceful devices made in China can turn out to be a Trojan horse.

It is noteworthy that China itself prohibits foreign cars with modern sensors in certain areas, which is a formal recognition of the potential use of these technologies in espionage on its own part, or at least an understanding of these possibilities.

Risks for Ukraine

Ukraine also uses Chinese technology. Chinese electric vehicles, drones, and gadgets are already being used on the front lines and in the rear.

Chinese electric vehicles are somewhat popular among Ukrainian military personnel due to their relatively low cost. They are equipped with onboard systems that can record movements across the country, as well as the location of units and logistics chains, without warning soldiers.

If this becomes available to China, it cannot be ruled out that it will be passed on to Russia, which is Beijing’s strategic partner.

A similar dynamic has already played out with DJI drones. It is known that telemetry from commercial drones was used by the enemy to locate operators on the battlefield.

Another potential threat is Android smartphones from Chinese brands (Xiaomi, Huawei, OnePlus, and others) used by Ukrainians, including the military. These phones collect geolocation data and have access to the user’s microphone, camera, and contacts. Updates can be installed remotely, making it easier to hack the gadget in the event of cooperation between Russia and China, which cannot be ruled out.

In military terms, this means the ability to tell the enemy where a soldier is located or to eavesdrop on important conversations. This may include remote control of the device or hidden software updates that change the functionality of the gadget without the owner’s knowledge, or even remotely.

Solution

The widespread use of Chinese smartphones and other devices in the military and government sectors creates a vulnerability that an enemy cooperating with China could exploit for intelligence purposes. Ukraine will now have to combat these risks by minimizing them.

First, an audit of the law enforcement vehicle fleet should be conducted and, if possible, the use of Chinese electric vehicles and other Internet-connected vehicles should be removed or restricted. The example of Israel, where such vehicles are not found in critical areas, is a good one to follow. In fact, the audit should be broader in scope and cover the entire defense sector, including weapons production, where Chinese cars and gadgets could lead to the discovery of classified production facilities, with all the consequences that entails.

Second, strict restrictions should be imposed on the use of Chinese smartphones and gadgets by the military, especially in command positions. Soldiers and officers should use proven Western or specially protected means of communication to avoid data leaks.

Third, the way Chinese companies have negotiated cooperation in the telecommunications and IT sectors should be reviewed. In the past, Ukraine sought to involve Huawei in its 5G systems and even agreed on cybersecurity between the two sides, but security risks require these agreements to be suspended.

The construction of 5G and similar key systems should be carried out in close cooperation with the US, the EU, and NATO to avoid dependence on suppliers that our main partners do not trust. Chinese devices already imported into the country also need to be checked for unauthorized data transfer.

Ukraine must not be the “weak link” in the West’s large cybersecurity system. It is only fair that we automatically raise our requirements for the protection of the information space in light of integration with the EU. After all, our NATO and EU allies will not want to have a common space of similar security without the risk of information leaks through Chinese telecommunications networks.

Fourth, security agencies must improve security protocols, taking into account the current possibilities for external actors to use consumer technologies in hybrid influences and actions.

These rules must be agreed with partners, as Ukraine should not be the weak link in the security system. At the same time, Ukraine needs clear usage regimes for critical territories, stricter procurement standards, and institutional capacity to understand and mitigate risks at the state policy level.