Pre-installed system apps on Android phones from three popular Chinese vendors, as well as third-party apps, are reportedly transmitting personal user information without notification or consent.
Researchers at universities in the United Kingdom examined the Chinese version of the Android OS distributions run by Xiaomi, Realme and OnePlus headsets, experimenting with a number of devices.
The arXiv paper’s authors measured the network traffic generated by handsets when in use, using static and dynamic code analysis techniques to look at the data transmitted by the reinstalled system apps.
“We find that these devices come bundled with a number of third-party applications, some of which are granted dangerous runtime permissions by default without user consent, and transmit traffic containing a broad range of geolocation, user-profile and social relationships [personally identifiable information] to both phone vendors and third-party domains, without notifying the user or offering the choice to opt-out,” the research showed.
WHY YOU NEED TO DELETE 3 APPS RIGHT NOW IF YOU HAVE AN ANDROID
Detail of the USB-C port on a Xiaomi Mi Mix 3 5G smartphone, taken on July 22, 2019. (Photo by Neil Godwin/Future Publishing via Getty Images)
The packages transmitted to many third-party domains contain privacy-sensitive information related to devices, including GPS coordinates, network-related identifiers, phone numbers, app usage data and call histories.
Comparatively, data shared by the Global version of the firmware was found to be mostly limited to device-specific information, which the computer scientists said sheds light on differences in privacy provision enforcement across separate regions.
Phones are charged before the dispatch inside the Realme factory in Greater Noida, India, Wednesday, June 1, 2022. (Photographer: Anindito Mukerjee/Bloomberg Photo via Getty Images)
CHINA RESORTS TO THE SILENT TREATMENT WITH TOP US OFFICIALS AFTER SPY FLIGHT SHOOTDOWN
Notably, the collection does not stop once the device and user leave China, despite the fact that different countries have different privacy laws.
Furthermore, data was found to be sent to mobile operators even when they were not providing service.
Detail of a OnePlus Nord smartphone, taken on Aug. 5, 2020. (Photo by Phil Barker/Future Publishing via Getty Images)
“This poses serious deanonymization and tracking risks that extend outside China when the user leaves the country, and calls for a more rigorous enforcement of the recently adopted data privacy legislation,” the study said.
CLICK HERE TO GET THE FOX NEWS APP
The findings, the authors wrote, highlight the need for tighter privacy curbs to “increase the ordinary people’s trust in technology companies, many of which are partially state-owned.”