According to new research, users of the most advanced Android handsets marketed in China may be the target of identity theft on a massive scale. The unnoticed and unconsented collecting might easily result in the ongoing tracking of users and the simple reveal of their identities.
According to a study from computer scientists at several universities, some of the most well-known phone manufacturers in China, including Xiamoi, OnePlus, and Oppo Realme, are all collecting enormous amounts of sensitive user data through their respective operating systems and a number of pre-installed apps.
The data is also getting hoovered up by an assortment of other private actors, and researchers worry that the devices in question “send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators.”
Given the intimate ties between business and the Chinese government, there are more than enough reasons to worry about expanded surveillance of mobile users in China. What should we takeaway from this? There is undoubtedly work to be done by researchers in order to protect the privacy of Chinese users.
“Overall, our findings paint a troubling picture of the state of user data privacy in the world’s largest Android market, and highlight the urgent need for tighter privacy controls to increase the ordinary people’s trust in technology companies, many of which are partially state-owned,” they write.
To better assess important data leaks, researchers experimented with a variety of gadgets they bought from Chinese manufacturers. The general assumption of the researchers was that the user of the device would be a “privacy-aware customer,” who has chosen not to send analytics and personalization data to providers and does not use cloud storage or “any other optional third-party services.”
According to the study, the PII being collected includes some pretty sensitive information, such as contacts, their phone numbers, phone and text metadata, geolocation data, persistent device identifiers (IMEI and MAC addresses, advertising IDs, and more), and basic user information like phone numbers and persistent device identifiers (which obviously would allow an observer to unmask your physical location). To put it another way, those who receive this data would have a fairly accurate idea of who is using a specific device, where they are using it, and who they are speaking to. In China, phone numbers are also linked to a person’s “citizen ID,” which means that they are irrevocably linked to the user’s true, legal identity.
According to experts, all of that data is being collected without the user’s knowledge or consent, and there is no way to opt out of this data collecting. The study found that despite the fact that other nations have distinct privacy regulations that ought to have an impact on how information is gathered, the gathering continues even after the device and the user leave China. Researchers discovered that even when Chinese cell providers weren’t offering service, data was being transferred to them (for example, when no SIM card had been inserted into the device).
You might find yourself wondering if you have even a passing familiarity with China’s general attitude toward data protection. However, the researchers’ findings give precise information regarding the manner in which Chinese phone makers and independent websites are actively gathering user data. The study’s findings also appear to contradict China’s recently passed privacy regulation, which is meant to shield Chinese consumers from data collecting without their knowledge and is modelled after the GDPR.