Chinese phones from OnePlus, Xiaomi, and Oppo are laced with spyware
Makers of the best Chinese Android smartphones collect an alarming amount of data that can be traced back to individuals, a new study indicates.
China is the world's largest smartphone market and over 70 percent of handsets in the country run Android. Researchers from the University of Edinburgh and Trinity College Dublin have found that OnePlus, Xiaomi, and Oppo Realme smartphones sold in China transmit large swathes of data to various parties without user consent. (via Gizmodo)
Researchers scrutinized OnePlus 9R, Xiaomi Redmi Note 11, and OPPO Realme Q3 Pro
The phones come pre-installed with a large number of system and vendor apps with dangerous privileges enabled by default. This allows them to collect and transmit identifiable information related to a device's persistent identifiers, location, user profile, and and owner's social relationships.
The study assumed that the owner was a privacy-aware consumer who opted out of analytics and did not use cloud storage and optional third-party services.
These phones are potentially sending information unique to your device and you such as:
- device identifiers like IMEI number and MAC address
- location identifiers such as GPS coordinates which can reveal your current location
- settings and information associated with you such as phone number, app usage patterns, and app performance data
- social data such as call and SMS history and contact numbers
Users are not notified about this data transmission and there is no way to opt out of it either.
This data can easily be de-anonymized to identify a person and used for tracking. The Personally Identifiable Information (PII) is sent to device vendors, Chinese network operators (regardless of whether you have a SIM inserted), and service providers like Baidu.
The analysis was conducted on mobile devices sold in China which run local Android distributions, so consumers in international markets need not worry. Consumers who bought their devices in China, such as business travelers and students, should be wary though, as the study found that the data collection behaviors do not change even after a user leaves the country.
The Chinese versions of Android overlays have three to four times more preinstalled third-party apps than international versions intended for consumers in Europe and elsewhere and are granted eight to ten times more permissions.
Things that are NOT allowed: