Chinese made Android phones are built to collect and transmit personal data of users

Share post:

A group of researchers from the University of Edinburgh and Trinity College Dublin published an article titled “Android OS Privacy Under the Loupe – A Tale from the East,” which revealed that China’s top Android phones collect far more information than they are supposed to.

“China is currently the country with the largest number of Android smartphone users. We use a combination of static and dynamic code analysis techniques to study the data transmitted by system applications pre-installed on Android smartphones from three of the most popular suppliers in China,” said the researchers.

According to the researchers, Chinese-made Android phones come preloaded with apps that send sensitive data to third-party domains without consent or notice. An examination of smartphones with Chinese-market firmware reveals that they are pre-installed with applications that transmit sensitive privacy data to third-party domains without consent or notice. This situation raises concerns about China’s ability to monitor citizens outside of its borders.

They also point out that, while all of their tests were performed on phones purchased in China, they recognize that handsets can behave differently if they detect that they are outside of China.

To account for this, the researchers established a network tunnel between their installation and a Huawei Cloud instance in Shanghai. “The IP address observed by the back server is therefore that of the Huawei Cloud server located in Shanghai. We configured each handset using Chinese as the language to simulate a local user,” reads the document.

To exclude user-installed software, the researchers focused on information transmitted by the operating system and system apps. They assume that users have opted out of analytics and personalization, that they do not use cloud storage or optional third-party services, and that they have not created an account on any platform run by the Android distribution’s developer. A reasonable policy, but it does not appear to be very effective.

The sources for this piece include an article in TheRegister.


Related articles

Electric toothbrush DDoS story false: Was a “mis-translation.”

The recent viral story about hackers launching a Distributed Denial-of-Service (DDoS) attack on 3 million internet-connected toothbrushes serves...

BlackBerry reverses IoT divestment, names John Giamatteo as new CEO

BlackBerry Ltd. has recently made a pivotal change in its operational strategy, opting to retain its internet-of-things (IoT)...

BlackBerry names new CEO, will split cybersecurity and IoT businesses

BlackBerry’s new leader is the former head of its cybersecurity business unit. The Waterloo, Ont., company said this morning that John Giamatteo is its new chief executive officer and a member of its board of directors, effective immediately. Richard Lynch, who has served as interim chief executive officer since Nov. 4, after the departure of

Zero-Day vulnerabilities in routers and cameras exploited by hostile botnet

Security researchers at Akamai have discovered two new zero-day vulnerabilities being actively exploited to incorporate routers and video...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways