Chinese phone accused of illegally transferring personal data

Researchers from British universities tested the Android version on Xiaomi, Realme and OnePlus devices. To look at the data that the pre-installed apps transfer, they use static and dynamic code analysis techniques and calculate the network traffic generated on the device.

Research shows that some pre-installed applications and third-party applications are granted dangerous runtime permissions by default without the user’s knowledge. They transfer data such as geographic location, user profiles, social relationships (personally identifiable information) to the domain names of the manufacturer and third parties. Users are not notified, nor do they have an option to get rid of this behavior.

Data packets that go to third-party domains contain sensitive information such as GPS coordinates, network-related identifiers, phone numbers, application usage data, and call history. Meanwhile, Android versions on phones from other manufacturers mostly just send information about the device. Scientists think it reflects differences in terms of enforcement privacy between different regions.

It is worth noting that the data transfer does not stop even after the user and device have left China, despite different privacy regulations in each country. In addition, the data was also found to be sent to the network operator even though they did not provide the service.

According to the researchers, this poses a risk of tracking and deanonymization outside of China. Therefore, the authors call for the need to tighten privacy to “increasing people’s trust in tech companies”.

(According to Fox News)