Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement


For years, Chinese law enforcement has been using a lawful surveillance tool to collect extensive data from Android devices, cybersecurity firm Lookout reports.

Dubbed EagleMsgSpy and created by a Chinese software development company, the tool has been in use since at least 2017, and has only been deployed through physical access to the victims’ devices.

The spyware consists of an installer APK, which is likely executed by law enforcement officers with access to an unlocked device, and a headless surveillance module that runs on the device and collects sensitive information.

“We believe that this is the only distribution mechanism and neither the installer nor the payload have been observed on Google Play or other app stores,” Lookout says.

However, the security firm discovered that the tool might be used by multiple customers of the Chinese software vendor, as it requires an account when executed.

EagleMsgSpy’s surveillance module collects SMS messages, communication from multiple messaging applications, call logs, contacts, and browser bookmarks, and can capture screenshots and record the device screen and audio.

It also compiles a list of installed applications and a list of files on external storage, retrieves the device’s GPS coordinates, and collects information on WiFi and cellular network connections.

The collected data is stored in a hidden directory, then compressed and password-protected before being sent to the command-and-control (C&C) server, which also hosts an administrative panel that requires user authentication.

Lookout’s analysis of the panel’s source code revealed multiple functions that distinguish between Android and iOS devices, but an iOS version of EagleMsgSpy has not been identified.

Based on the IP address of a C&C server, the surveillance tool has been linked to Wuhan Chinasoft Token Information Technology Co., Ltd., a Chinese technology company that appears to have been created in 2016 and has fewer than 50 employees.

Lookout believes that the surveillance tool was developed and is maintained by the Chinese company and that several public security bureaus in mainland China (government offices acting as local police stations) are using it.

The cybersecurity firm also identified a link between EagleMsgSpy and CarbonSteal, a surveillance tool that has been used to spy on minorities in China, including Uyghurs and Tibetans.
