Does the Nokia 7 Plus data leak affects US users? Probably not, here is why
A specific model was pointed out by Norway's public broadcaster NRK – Nokia 7 Plus, and only on a single batch of units. Our previous report mentions that these phones were supposed to be sold in China initially, but ended up in the hands of European consumers. That's a very important aspect in HMD Global's defense, but here is what the company told us after the unfortunate incident:
In a long post published yesterday, HMD Global is trying to “demystify” data collection and explain why its Nokia 7 Plus units sent unencrypted information to China and how users of these phones are affected by this.
Your phone sends data to third-party servers because ...
The first thing the company wants customers to understand is why are they collecting data from devices. Apparently, there are two main reasons: a device warranty and improving the user experience. When a phone is used for the first time, it will send data to the company's servers to help it activate the warranty on the device.
One very important piece of information revealed by HMD is where exactly your data is stored in case you bought a Nokia smartphone. According to the Finnish company, if that phone was purchased from Europe, US or India, then your data is stored in Singapore, a country that supposedly follows very strict privacy laws.
However, if you live in the United States, but your phone was purchased from China, in order to comply with the country's Cyber Security law, HMD Global is forced to store data originating from China in China. Basically, if your phone is bought from China, it will undoubtedly send data to HMD's servers in China.
Avoid buying phones meant to be sold in China
What happened with the batch of Nokia 7 Plus units that were found sending data to servers in China is that the device activation client meant for the Chinese version of the phone was mistakenly included in the software package. HMD states that these phones were erroneously trying to send device activation data to a third party server, but such data wasn't processed and no person could have been identified based on the information sent.
If your Nokia smartphone is bought from China, then chances are some data is sent to servers in China. Obviously, the same goes for Nokia smartphones bought from other countries but meant for the Chinese market.