Android phones from China transmit personal info without consent, researchers say
08 February 2023
By Julia Musto
Pre-installed system apps on Android phones from three popular Chinese vendors, as well as third-party apps, are reportedly transmitting personal user information without notification or consent.
Researchers at universities in the United Kingdom examined the Chinese version of the Android OS distributions run by Xiaomi, Realme and OnePlus headsets, experimenting with a number of devices.
The arXiv paper’s authors measured the network traffic generated by handsets when in use, using static and dynamic code analysis techniques to look at the data transmitted by the reinstalled system apps.
“We find that these devices come bundled with a number of third-party applications, some of which are granted dangerous runtime permissions by default without user consent, and transmit traffic containing a broad range of geolocation, user-profile and social relationships [personally identifiable information] to both phone vendors and third-party domains, without notifying the user or offering the choice to opt-out,” the research showed.
The packages transmitted to many third-party domains contain privacy-sensitive information related to devices, including GPS coordinates, network-related identifiers, phone numbers, app usage data and call histories.