India and China aren’t the best of friends as we all know, and yet, many Indians don’t shy away from using Chinese goods.
And among all of the goodies the Chinese sell in India, smartphones are the most loved. The Indian smartphone market has grown at a considerable rate in the past couple of years.
According to a Quarterly Mobile Phone Tracker report by International Data Corporation (IDC), almost 28 million smartphones were shipped to India in the second quarter.
But, as the number of smartphones grow, so does the threat of data security, and if your smartphone is Chinese, then you need to be a bit more worried.
The Infamous Chinese
Since 2015, there have been numerous reports about Chinese smartphones sending data to servers back in China. In January this year, a OnePlus user named Christopher Moore raised concerns over privacy.
He detected that OxygenOS was gathering data of events like when the device’s screen is turned off and on with timestamps alongside them.
What’s more disturbing is that the OS was also collecting data like the phone’s serial number, IMEI, phone number, the mobile networks it uses, and which apps were being opened and how long they were used.
Earlier, Kryptowire, a mobile security enterprise also came upon several Android smartphones that contained firmware which collected sensitive personal data of their users, and transmitted the same to servers outside.
The firmware that was shipped with the smartphones allowed for the automatic installation of applications without the users’ permissions.
The data that was collected was encrypted, and then transmitted over secure web protocols to a server located in Shanghai.
According to a report by Kryptowire in 2016, the firmware that was found to be the brainchild of a company called Shanghai Adups Technology Co Ltd, used the collected data to display advertisements in the users mobile.
In September 2016, Adups claimed on its website to have a worldwide presence with over 700 million active users, and a market share exceeding 70% over 150 countries and regions, with offices in Shanghai, Shenzhen, Beijing, Tokyo, New Delhi, and Miami.Kryptowire.com
A research report in 2015 by internet security firm GData showed that smartphones from Xiaomi, Lenovo and Huawei had pre-installed malware in them.
These malware authenticated permissions and access automatically, which could be used to tamper with the smartphone software.
The biggest problem in all of this is detecting malware, which is very tough. That’s because the malicious software usually finds itself a hiding place in apps like Google Drive or Facebook.
The most irritating and endangering aspect is that apps like these cannot be uninstalled because the bug sticks to the phone’s firmware.
Both Xiaomi and Lenovo later released official statements as a rebuttal to the above research:
The security report clearly states that middlemen are installing such malware, and that manufacturers like Xiaomi are not at fault. Unauthorised retailers can inject malware into any device bought from an unofficial channel. This is why we strongly recommend buying Mi phones only through authorised channels such as Mi.com, Flipkart, Amazon or Snapdeal.Xiaomi
The report states that the malware was pre-installed in the firmware of the device and can’t be removed. This is incorrect information. The malware was found on a single Lenovo phone that was bought through a third party marketplace, and was contained in an app that was likely added by a middleman, and could easily be removed from the device.Lenovo
Such is the threat of the Chinese phones that the Indian Air Force at one time had asked its personnel and their families to avoid using Xiaomi Redmi 1S smartphones. News broke out that the Chinese smartphone maker might be accessing personal data and storing them in Beijing.
Nice way to wipe your hands clean!
Why Chinese Phones Need to be ‘Hacked’?
You have to understand that when you buy a smartphone, and you tap the ‘I Agree’ option in the confidentiality agreement, you are, in a way, surrendering your privacy to the smartphone maker.
For a smartphone to function properly, and be compatible with the way you use it, there are certain applications which need access to your location, your contacts, and even your messages.
But why do Chinese smartphone manufacturers need to collect your data?
The reason we collect usage analytics through the user experience program is so we can better understand general phone behavior and optimise OxygenOS for a better overall user experience. At any time, users can opt-out of usage analytics collection by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. We’d like to emphasise that at no point have we shared this information with outside parties. The analytics we’re discussing in this post, which we only look at in aggregate, are collected with the intention of improving our product and service offerings.Carl Pei, Co-founder, OnePlus
Pei also went on to add that they will no longer be collecting telephone numbers, MAC Addresses and Wi-Fi information.
Most of the Chinese smartphones manufacturers have their servers in China and are collecting the smartphone data in their local servers.
Also Read: Govt Asks Chinese Phone Makers to Heighten Data Security Measures
There is no Google or Facebook in China, because of which they don’t use Google’s cloud services to store smartphone data. Companies like Vivo, Lenovo, Gionee and Oppo have servers in China. Xiaomi has its servers in Singapore and the US.
Following security concerns the Indian government has asked these companies to move their servers to India to ensure that the user’s data is protected. Till Now Xiaomi has obliged while others are still contemplating the move.
So Now What?
I’m sure that many of you might have panicked seeing that your smartphone is Chinese! Woah.. Relax! Be it Chinese, American, Finnish or even Indian brands, understand this, there is no such thing as a fully secure smartphone!
Even Google & Facebook collect your data and use them for analytical purposes, but you don’t find them suspicious. Why? Just because they are not Chinese!
Yes, there are some vulnerabilities when you are using smartphones as many apps need to track your usage patterns to deliver a better user experience, but there are a few additional steps you can take to ensure your data is protected:
Ways to Keep Safe from Smartphone Data Theft
1. Make sure you are not giving permissions to all apps to access media, location and others. Essential apps like WhatsApp, Facebook and the ones you use on a daily basis are okay.
2. Avoid downloading software from unknown sources and do not install software from these apps. Google Play Store is credible enough. Don’t go hunting for apps outside the Play Store.
3. DO NOT give your phone to anyone else in your absence.
Most important, pray that our ‘friendly’ relations with the Chinese continues. Else Kaput!
(Breathe In, Breathe Out: Are you finding it tough to breathe polluted air? Join hands with FIT to find #PollutionKaSolution. Send in your suggestions to fit@thequint.com or WhatsApp @ +919999008335)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)