Chinese Cellphones Exposed: Xiaomi Redmi and Oppo Realme Stealing Personal Data

Intan Rakhmayanti Dewi, CNBC Indonesia

Tech

Saturday, 09/16/2023 13:15 IWST

Photo: Xiaomi CC9 & Oppo F5

Jakarta, CNBC Indonesia – Owners of Android cellphones made in China should be more careful. The reason is, there is research that reveals Chinese cellphones such as Xiaomi Redmi and Oppo Realme steal personal data and then transfer it to the Bamboo Curtain country.

A report states that Android phones from China are filled with built-in applications that transmit privacy-sensitive data to third-party domains without user consent or notification. This clearly carries potential danger because it could involve important data.

Researchers Haoyu Liu from the University of Edinburgh, Douglas Leith from Trinity College Dublin, and Paul Patras from the University of Edinburgh, show that personal information leaks pose a serious risk to Chinese cellphone customers.

The three researchers analyzed Android system applications installed on cellphones from three popular cellphone vendors in China, namely OnePlus, Xiaomi and Oppo Realme.

As a result, the researchers looked specifically at the information sent by the operating system and system applications.

Photo: Redmi 12. (CNBC Indonesia/Faisal Rahman)
Redmi 12. (CNBC Indonesia/Faisal Rahman)

The collection of pre-installed apps consists of Android AOSP packages, vendor code, and third-party software. There are more than 30 third-party packages on every Android phone with Chinese firmware.

The default Chinese applications detected include Baidu, IflyTek, and Sogou on the Xiaomi Redmi Note 11. On the OnePlus 9R and Realme Q3 Pro, there is Baidu Map as a foreground navigation application and a Map package. And there are also news apps, video streaming and online shopping apps bundled into the Chinese firmware.

“The data we observed being transmitted included fixed device identification (IMEI, MAC address), location identification (GPS coordinates, mobile network cell ID), user profiles (phone numbers, app usage patterns, app telemetry), and social relationships (call history /SMS/time, contact telephone number, etc.),” ​​said the researchers in their paper, reported by The Register, quoted Saturday (16/9/2023).

In a paper entitled “Android OS Privacy Under the Loupe – A Tale from the East” the researchers claim that Redmi phones send post requests to the URL “tracking.miui.com/track/v4” every time the Settings, Notes, Recorder, The pre-installed Phone, Messages and Camera are opened and used.

But what’s worrying is that the data is still sent even if the user deactivates the “Send Usage and Diagnostic Data” permission during device startup.

Data collection from these devices does not change when the devices leave China even if local jurisdictions impose stronger data protection rules.

“This information poses a serious risk of user identity disclosure (de-anonymization) and extensive tracking, especially because in China every phone number is registered under a citizen ID,” they added.

Another finding of researchers is that there are three to four times more pre-installed third-party apps in Chinese Android distributions than in Androids from other countries. The app gets eight to 10 times more permissions for third-party apps compared to Android distributions from outside China.

(phys/wur)

2023-09-16 06:15:00
#Watch #Brands #Steal #Data #China