A new study posted on arxiv.org shows that manufacturers of China’s most popular Android smartphones are collecting large amounts of easily traceable personal data. Specifically, the China data transfer OnePlus 9R, Xiaomi Redmi Note 11 and Realme Q3 Pro were studied during the study.
China is the world’s largest smartphone market, with more than 70% of phones in the country running Android. Researchers from the University of Edinburgh and Trinity College Dublin have discovered that OnePlus, Xiaomi and Oppo Realme smartphones sold in China are transferring large amounts of data to various parties without the user’s consent.
Phones come with a lot of pre-installed system and third-party apps with dangerous privileges that are enabled by default. This allows them to collect and share identifiable information related to persistent device identifiers, location, user profile, and the owner’s social relationships.
The study assumed that the owner was a privacy-conscious consumer who opted out of analytics and did not use cloud storage and additional third-party services. Even so, smartphones send information unique to a particular device, such as:
- Device identifiers such as IMEI number and MAC address
- GPS coordinates that show the current location of the device
- Settings and information related to the user: phone number, application usage patterns and performance data
- Social data such as call and SMS history and contact numbers
Users are not notified of the data transfer, and there is no possibility to opt out of it. This data can be easily tied to a specific owner and can be used to track activity and movements. Personal information is sent to device vendors, Chinese network operators (whether or not a SIM card is inserted), and service providers such as Baidu.
The analysis was conducted on mobile devices sold in China and running local Android distributions. Consumers who bought their devices in China should be careful, as the study found that data collection continues even if the user is outside of China.
Chinese device firmwares have far more installed third-party software than international versions intended for consumers in Europe and other countries. Also, the number of granted program permits is significantly different.
For Ukrainian users, the potential danger lies in the transfer of personal data to China when using devices originally intended for the Chinese market, bought on Aliexpress or in any other way. Obviously, the danger remains when using Chinese device firmware, which can be downloaded from the network and installed on a smartphone. Anticipating the objection “what difference does it make if my data goes to China or not?” We will remind that China and the aggressor state Russia are friendly countries and can exchange data.
The US Senate has banned TikTok from all government employees’ devices. A bill has been submitted to ban all social networks associated with totalitarian countries
Source: Phone Arena