Research has revealed that cellphones (HP) from China, such as Xiaomi Redmi and Oppo Realme, steal users’ personal data which are then transferred to China.
A report states that a series of pre-installed applications on Android phones from China transmit privacy-sensitive data to third-party domains without user consent or notification. This is very dangerous because it can involve personal data.
Researchers Haoyu Liu from the University of Edinburgh, Douglas Leith from Trinity College Dublin, and Paul Patras from the University of Edinburgh, point out that the leakage of personal information poses a serious risk to Chinese cellphone users.
The three researchers analyzed Android system applications downloaded on cellphones from three popular HP vendors in China, namely OnePlus, Xiaomi and Oppo Realme.
As a result, the researchers looked specifically at the information sent by the operating system and system applications.
The pre-installed apps suite consists of Android AOSP packages, vendor code, and third-party software. There are more than 30 third-party packages on every Android phone with Chinese firmware.
The default Chinese applications detected are Baidu, IflyTek, and Sogou on the Xiaomi Redmi Note 11. On the OnePlus 9R and Realme Q3 Pro, there is Baidu Map as a foreground navigation application and a Map package. And there are also news, video streaming, and online shopping apps bundled into the Chinese firmware.
“The data we observed being sent included fixed device identification (IMEI, MAC address), location identification (GPS coordinates, mobile network cell ID), user profiles (phone numbers, app usage patterns, app telemetry), and social relations (call history). /SMS/time, contact phone number, etc),” the researchers said in their paper, reported by The Register, quoted Saturday (19/8/2023).
Through a paper titled Android OS Privacy Under the Loupe – A Tale from the East, researchers claim that Redmi phones send post requests to the URL “tracking.miui.com/track/v4” every time the application Settings, Notes, Recorder, Phone, Messages , and Camera is opened and used.
However, the data is still sent even if the user deactivates the “Send Usage and Diagnostics Data” permission during device startup.
Data collection from these devices does not change once the devices leave China even if local jurisdictions impose stronger data protection rules.
“This information poses serious risks of (de-anonymizing) user disclosure and extensive tracking, especially since in China every phone number is registered under a citizen ID,” the researchers said.
Another researcher’s finding is that there are three to four times more native third-party apps on Chinese Android distributions than on Android from other countries. These apps get eight to 10 times more permissions for third-party apps compared to Android distributions from outside of China.
Source : CNBC
