As some internet users use location spoofers to fake their GPS location on social media, for example showing location in the Maldives while actually working in the office, China’s Ministry of State Security (MSS) warned on Monday that virtual location-spoofing apps could be exploited by foreign intelligence agencies as a  method of data theft, posing risks to state security.

According to a statement released by the MSS, location-spoofing apps can hide a phone’s real location and feed altered location information to location-tracking apps, effectively falsifying geolocation. The MSS warned that such tools can serve as a covert means to steal state secrets.

Foreign intelligence operatives may use location spoofers to fake their presence near sensitive facilities inside China, then approach personnel from government institutions, defense and military industry entities, and research institutes handling classified information via job search platforms and social media. By offering “high-paying part-time jobs,” they attempt to infiltrate and lure targets into divulging China’s state secrets, posing risks to state security, the MSS said.

The MSS also warned that some spoofing apps may carry Trojan malware that once the app is installed, can bypass mobile phones’ system defenses and secretly access microphones, cameras, and contacts, threatening user privacy and data security.

Accurate coordinates and surrounding environmental features of key military installations and other sensitive sites, after being repeatedly linked to real network IP addresses, hotspot data through virtual positioning, may be exposed via big data comparison. Once such fragmented data is collected by foreign intelligence agencies, it may endanger national security.

The MSS warned that foreign intelligence agencies may use location spoofers to conduct illegal activities online such as inducing defection. The ministry urged the public to stay alert to suspicious behavior in sensitive areas and avoid sharing sensitive information.

Besides, the authority urged stronger device security measures, warning against unofficial “device-modifying” apps, and advising regular updates, antivirus checks, and restricting unnecessary location and connection permissions.