Smartphones spy in Chinese
OnePlus, Xiaomi, Oppo, Realme mobile phones send personal data and location of users to device and software manufacturers
The original of this material
© CNews.ru02/08/2023, Xiaomi and Realme smartphones beloved by Russians turned out to be a tool of total surveillance
Smartphones of Chinese brands in demand in Russia tirelessly monitor users. The most detailed information about them is sent to device manufacturers and application developers. Some of the data may reveal the identity of the user and point to his location.
Personal pocket spy
Smartphones from Chinese companies OnePlus, Xiaomi, Oppo and Realme monitor their owners 24/7, writes The Register. They collect impressive amounts of data and send them to third parties not only without the consent of the user, but without any notifications or warnings at all.
The case primarily concerns smartphones intended for the domestic market of China, showed a joint study of specialists from the UK and Ireland. However, even if you buy a phone in China and then travel outside China with it, surveillance will not stop.
This means that OnePlus, Xiaomi, Oppo and Realme smartphones will collect information, including about citizens of other states. In this regard, Russians face a particular threat of personal data leakage, since for them buying a smartphone of any of the listed brands almost in Chinese online stores is always much cheaper than buying them in Russian retail. This is especially noticeable on the example of the Xiaomi Redmi 10 and Realme 9i models – their official versions, when crossing the Russian border, very sharply and, moreover, unreasonably increase in price.
For Russia, in general, this is especially true, since there are no domestic manufacturers of Android smartphones in the country, as well as local shells for this OS. In addition, against the backdrop of well-known events, all major smartphone manufacturers, except for Chinese ones, left the country. For example, devices Apple And Samsung are now imported to Russia only on the terms of parallel imports.
It’s all because of “junk” software
A group of scientists revealed all the details of their study in an article entitled “Android OS Privacy Under the Loupe – A Tale from the East”. They studied in detail the work of pre-installed and system applications on OnePlus, Xiaomi, Oppo and Realme devices, simulating a situation where a user bought a smartphone of one of these brands and basically uses only bundled software without creating an account in the cloud service of the device manufacturer (for example , in Xiaomi Cloud).
Experts estimate that Chinese smartphones come with, on average, more than 30 third-party apps pre-installed. Many of them are responsible for text input – in Xiaomi Redmi Note 11, which is popular in Russia, these are Baidu Input, IflyTek Input and Sogou Input on Xiaomi Redmi Note 11. And in OnePlus 9R and Realme Q3 Pro phones, there is a Baidu Map utility installed as the main navigator , and the AMap program, which is constantly running in the background. In addition, various applications for news, video streaming and online shopping are built into the Chinese firmware.
The researchers made sure that all these programs accumulate information about the user and then send it not only to the device manufacturer, but also to software developers. Some of the data can help identify the user and even determine their relatively accurate location.
According to the researchers, the apps leak the device’s IMEI and MAC address, location identifiers (GPS coordinates, mobile network cell ID, etc.), user profiles (phone number, app usage patterns, app telemetry), and social connections (call history). /sms/time, contact phone numbers, etc.). Moreover, data is sent even if there is no SIM card in the phone. Installing a SIM card from an operator from another country does not solve the problem in any way.
For example, the researchers claim that the Redmi phone sends requests to the tracking.miui.com/track/v4 URL whenever the preinstalled Settings, Note, Recorder, Phone, Message apps are opened and used. ” and “Camera”.
“In aggregate, this information poses serious risks of user deanonymization and extensive tracking, especially given that in China every phone number is registered under a citizen ID,” the article says.
Location change is not a panacea
The researchers argue that the wholesale collection of data on smartphone users of popular Chinese brands does not even think of stopping when the devices leave China. The experts noted that this allows device and app developers to track Chinese travelers and students abroad and learn about their overseas contacts.
Another finding from the researchers is that Chinese distributions of Android have three to four times more pre-installed third-party apps than stock Android from other countries. And these apps get 8-10 times more third-party app permissions compared to Android distributions developed outside of China.
“Overall, our findings paint a disturbing picture of the state of user privacy in the world’s largest Android marketplace and underline the imperative need for tighter privacy controls to increase ordinary people’s trust in technology companies, many of which are partly state-owned,” the researchers concluded.
mobile-review.com, 11/16/2022, “Chinese smartphones caught spying on owners”: The American company Kryptowire has discovered a backdoor in the software of some smartphones from China. It is reported that the program developed by Adups could potentially spy on Android smartphone users and transfer confidential information to servers located in China. The information was handed over to the US authorities, but they still have no reason to assume that we are talking about targeted surveillance of citizens. However, there is no certainty that this application was used for analysis for advertising purposes or in the interests of China’s intelligence.
The first suspect was BLU, which was first seen using software from Adups. However, according to representatives of this manufacturer, the smartphones that came to the attention of Kryptowire were not intended for sale in the United States, so their owners purchased them solely at their own peril and risk. BLU representatives also claim that Adups software has been removed from their smartphones. However, a little later, the same software was found in models from Huawei and ZTE. The situation continues to evolve. Representatives of Kryptowire offer to contact them, saying that they have the means to eliminate possible data leakage from smartphones. — Inset K.ru