New research has revealed that many of the top-of-the-line Android devices sold in China are awash with spyware, harvesting an untold amount of personal data without notification or consent that could easily lead to persistent tracking of users and easy unmasking of their identities.
The study, published by three experts hailing from the University of Edinburgh and Trinity College Dublin, found that popular Chinese phone makers like Xiaomi, OnePlus and Oppo Realme are collecting massive amounts of sensitive data via their operating systems and a variety of pre-installed applications.
The data is being siphoned to an assortment of different private companies and the researchers worry that the devices could “send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators.”
Considering the industry’s close ties to the Chinese Communist Party (CCP) the findings raise further concerns over the broader surveillance of mobile users in China and abroad.
“Overall, our findings paint a troubling picture of the state of user data privacy in the world’s largest Android market, and highlight the urgent need for tighter privacy controls to increase the ordinary people’s trust in technology companies, many of which are partially state-owned,” the researchers wrote.
The study analyzed the operating systems of the three manufacturers as well as “the communication between these system apps and the servers to which these connect in order to provide users with the intended functionality.” The researchers did not consider third party apps in their research.
- US ‘Tech War’ Heaps Pressure on Xi and the CCP
- Canadian Universities Collaborating With Chinese Military Scientists in Academic Research
- Computer Chip Overabundance Showing No Sign of Abatement
Sensitive information harvested
Researcher’s assumed users were “privacy-aware” who opted out of sending analytics and personalization data to providers and chose not to use cloud storage or “any other optional third-party services.”
The data being collected includes sensitive information including basic user information like phone numbers and persistent device identifiers like IMEI and MAC addresses, advertising IDs, geolocation data and data related to “social connections” such as contacts, phone numbers, and phone and text metadata.
The swaths of data harvested can easily reveal who is using a particular device, where they are doing it and even who they are communicating with.
In China, phone numbers are linked to an individual’s “citizen ID” which is tied to a user’s legal identity.
No user notification or consent
All of the data being harvested is being done so without any user notification or consent, meaning users are unaware that their data is being collected and they have no way of knowing how it is being used, according to the researchers.
The data collection continues even when users are overseas despite countries having different privacy and data handling laws, which should impact the way data is collected.
Researchers found that data was even being sent when the devices lacked a service provider or when no SIM card was inserted.
It comes as no surprise that Chinese Communist authorities are collecting reams of data from the Chinese populace, but this recent study reveals exactly how Chinese phone manufacturers and third party sites are actively pulling it off.