Photo by Rafapress / Shutterstock.com
A recent study conducted by researchers from the University of Edinburgh and the Trinity College of Dublin has found that preinstalled apps on three of the most popular Chinese smartphone vendors Xiaomi, OnePlus, and Oppo Realme are essentially acting as spyware.
The researchers discovered several system, vendor and third-party apps with elevated privileges. The data transmitted by these apps was analysed using static and dynamic code analysis techniques which revealed that they were designed to secretly extract user and device information including but not limited to system information, installed apps, GPS location data and even SMS and call history.
The three smartphones included in the study, Xiaomi Redmi Note 11, Oppo Realme Q3 Pro, and Oneplus 9R all ran Android version 11 locally designed for the Chinese market. The devices were caught sending data to their respective device vendors in addition to Chinese network operators despite not having any connectivity from them. This tracking even works if the device is outside of Mainland China, meaning users leaving the country are constantly under surveillance as well.
When compared to preinstalled apps on their global counterparts, CN OS distributions have three to four times the number of pre-installed apps and are given eight to ten times as many permissions as third-party apps.
Additionally, the devices were set up from the perspective of a “privacy-aware user” meaning any analytics data reporting and personalisation were opted out of and no third-party services or any cloud storage was used. The researchers also did not set up any accounts on any of the OS distributions.
Chinese manufacturers are yet to comment on the research. The country has the largest Android user distribution in the world and several major Android smartphone brands that make significant sales globally are based out of China. While there are significant differences in how privacy policies are enforced in different parts in the world, tracking users straight out of the box is a rather serious security concern.
In the News: Telecom data of over 74 million US citizens leaked since January 1
