Skip to content

Android flagships in China are sold with preinstalled spyware

  • by
  • 3 min read

Photo by Rafapress /

A recent study conducted by researchers from the University of Edinburgh and the Trinity College of Dublin has found that preinstalled apps on three of the most popular Chinese smartphone vendors Xiaomi, OnePlus, and Oppo Realme are essentially acting as spyware.

The researchers discovered several system, vendor and third-party apps with elevated privileges. The data transmitted by these apps was analysed using static and dynamic code analysis techniques which revealed that they were designed to secretly extract user and device information including but not limited to system information, installed apps, GPS location data and even SMS and call history.

The kind of data collected by each device manufacturer. | Source:

The three smartphones included in the study, Xiaomi Redmi Note 11, Oppo Realme Q3 Pro, and Oneplus 9R all ran Android version 11 locally designed for the Chinese market. The devices were caught sending data to their respective device vendors in addition to Chinese network operators despite not having any connectivity from them. This tracking even works if the device is outside of Mainland China, meaning users leaving the country are constantly under surveillance as well.

When compared to preinstalled apps on their global counterparts, CN OS distributions have three to four times the number of pre-installed apps and are given eight to ten times as many permissions as third-party apps.

Chart showing the permissions granted to preinstalled and third-party apps | Source:

Additionally, the devices were set up from the perspective of a “privacy-aware user” meaning any analytics data reporting and personalisation were opted out of and no third-party services or any cloud storage was used. The researchers also did not set up any accounts on any of the OS distributions.

Chinese manufacturers are yet to comment on the research. The country has the largest Android user distribution in the world and several major Android smartphone brands that make significant sales globally are based out of China. While there are significant differences in how privacy policies are enforced in different parts in the world, tracking users straight out of the box is a rather serious security concern. 

In the News: Telecom data of over 74 million US citizens leaked since January 1

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: