According to recent research, top phone makers including Xiaomi, Oppo, OnePlus, and others are stealing personal data from your smartphones. This data is apparently being collected without the users’ knowledge or consent, potentially leading to tracking and identifying phone owners.
The study published by Cornell University, US, shows that Chinese phone makers are stealing massive amounts of sensitive data through their respective operating systems (OS) and their built-in apps.
The data in question is being snatched by a variety of private actors and researchers are concerned that these Chinese devices:
Send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators.
To evaluate data leakage, researchers conducted network analysis on several devices purchased from Chinese manufacturers. The team assumed that the device operator was a privacy-conscious individual who had declined to send analytics and personalization data to providers and refrained from using cloud storage or any other third-party services.
Overall, our findings paint a troubling picture of the state of user data privacy in the world’s largest Android market, and highlight the urgent need for tighter privacy controls to increase the ordinary people’s trust in technology companies, many of which are partially state-owned
What Data is Being Collected?
The study revealed that the personally identifiable information (PII) being collected included highly sensitive information, including basic user information like phone numbers and persistent device identifiers (IMEI and MAC addresses, advertising IDs, etc.), geolocation data that can reveal a user’s physical location, and data related to social connections, such as contacts, and phone and text metadata.
No Way to Stop it
According to researchers, there is no option to opt out of this data collection process. Even when the device and user leave China, the data collection continues, despite the fact that different countries have their own privacy laws that should affect how information is collected.
The study found that data was sent to Chinese mobile operators even when they were not providing service, such as when no SIM card was inserted into the device.
The device manufacturers in question are yet to respond to a comment request.