Chinese tech companies often have had to deal with the allegations that their devices, be it smartphones or networking equipment, spy on their users, by collecting all sorts of data, and sharing it with the Chinese Communist Party. Now, a new study has found that it is not just the foreign and international users that China is spying on, but a vast majority of their own population, using these compromised devices.
Researchers from the University of Edinburgh and Trinity College Dublin have found that the makers of some of the best selling Android smartphones, namely Oppo, Xioami and OnePlus, collect an alarming amount of data that can be traced back to individuals, and share it with Chinese authorities.
China’s ‘Big Brother’ perversity
China is the world’s largest smartphone market with over 70 per cent of handsets in the country running on Android. Researchers from the Universities of Edinburgh and Dublin have discovered that smartphones made by OnePlus, Xiaomi, and Oppo Realme that are sold in China collect and transfer enormous amounts of data to several parties related to the CCP, without the users’ knowledge or permission.
Numerous vendor and system apps with risky privileges are pre-installed on the phones by default. This enables them to gather and send personally identifiable data about a device’s permanent identifiers, location, user profile, and social connections.
What data does the CCP collect this way?
Smartphones from these manufacturers routinely collected and shared data that included device identifiers like IMEI number and MAC address, location identifiers such as GPS coordinates which can reveal your current location, settings and information associated with you such as phone number, app usage patterns, and app performance data, as well as social data such as call and SMS history and contact numbers.
The real kicker here, however, is that all of this data is collected without the user’s consent and in such a way that users, even when they come to know of this, cannot opt out. And, if in case users try to switch to a different device, with a different OS, the CCP will be notified that the user has switched their device.
Chinese versions of Android overlays have three to four times more preloaded third-party apps and are given eight to ten times more permissions than international versions created for users in Europe and other regions.
Can this data be used to identify and out someone?
Short answer would be yes. It is simple to de-anonymize this data and utilise it to locate someone. Regardless of whether a SIM card is installed, device manufacturers, Chinese network operators, and service providers like Baidu receive personally identifiable information (PII).
International users of devices from these manufacturers can breathe a sigh of relief as the study found devices sold internationally do not run the China-specific Android distributions that allow such sort of spying. However, they are subject to Android’s usual data collection.
However, users who get their devices imported from China, which are actually meant for Chinese users, or consumers who bought their devices in China, and use it personally while travelling abroad, such as business travellers and students, will have their data collected and shared.