Jakarta, CNBC Indonesia – It’s no secret that China is a master at producing cheap cellphones. It’s no wonder that the technology market in Indonesia is flooded with Android phones made by the Bamboo Curtain country. However, consumers who use Android phones made in China must be more aware of new threats lurking behind the screens of their cellphones.
A report states that Chinese Android phones are infested with built-in apps that transmit privacy sensitive data to third-party domains without user consent or notification. This clearly carries the potential for danger because it could involve important data.
Researchers Haoyu Liu from the University of Edinburgh, Douglas Leith from Trinity College Dublin, and Paul Patras from the University of Edinburgh, point out that leaks of personal information pose a serious tracking risk to mobile phone subscribers in China.
The three researchers analyzed Android system applications installed on mobile phones from three popular HP vendors in China: OnePlus, Xiaomi and Oppo Realme. The researchers looked specifically at the information sent by the operating system and system applications.
The pre-installed apps suite consists of Android AOSP packages, vendor code, and third-party software. There are more than 30 third-party packages in each handset Android with firmware China. This includes Chinese apps like Baidu, IflyTek, and Sogou on the Xiaomi Redmi Note 11. On the OnePlus 9R and Realme Q3 Pro, there’s Baidu Map as a foreground navigation app and a Map package. And there are also news apps, video streaming, and online shopping apps rolled into the mix firmware China.
“The data we observe being sent includes fixed device identifiers (IMEI, MAC address, etc.), location identifiers (GPS coordinates, mobile network cell ID, etc.), user profiles (phone numbers, app usage patterns, app telemetry), and social relationships (call/text history/time, contact phone numbers, etc),” the researchers said in their paper. TheRegisterquoted on Saturday (11/2/2023).
Through a paper entitled “Android OS Privacy Under the Loupe – A Tale from the East”, the researchers claim that Redmi phones send post requests to the URL “tracking.miui.com/track/v4” every time the Settings, Notes, Recorder, The pre-installed Phone, Messages and Camera are opened and used.
Worryingly, data is sent even if the user deactivates the “Send Usage Data and Diagnostics” permission during device startup.
Data collection from this device does not change when the device leaves China. Although local jurisdictions enforce stronger data protection rules.
“This information poses a serious risk of user deanonymization and extensive tracking, especially since in China every phone number is registered under a citizen ID,” they added.
Another researcher’s finding is that there are three to four times more preloaded third-party apps on Chinese Android distributions than on Android from other countries. These apps get eight to 10 times more permissions for third-party apps compared to Android distributions from outside of China.
(hsy/hsy)