Visitors looking to enter the Xinjiang region of China are being forced to install a piece of malware on their phones that can read the device’s calendar entries, text messages, and call logs and upload them to a server, according to reporting by Motherboard, Süddeutsche Zeitung, The Guardian, The New York Times, and German public broadcaster NDR. During the half-day long process of crossing the border, a border guard will take a visitor’s phone and install the Android malware, known as BXAQ or Fengcai, which scans the phone for anything from Islamic content to Japanese metal bands. While it’s been reported that the Muslim Uighur population in Xinjiang is subject to surveillance by the Chinese authorities, this is evidence that this surveillance extends to foreigners as well. “This is yet another example of why the surveillance regime in Xinjiang is one of the most unlawful, pervasive, and draconian in the world,” Edin Omanovic, state surveillance programme lead at Privacy International, told Motherboard.