A recent study shows that top-of-the-line Android phones sold in China are a total privacy nightmare:
New research suggests that users of top-of-the-line Android devices sold in China are getting their personal data pilfered left, right and center, according to new research. The collection, which is happening without notification or consent, could easily lead to the persistent tracking of users and the easy unmasking of their identities.
A study published by computer scientists at several different universities reveals that phone makers like Xiamoi, OnePlus, and Oppo Realme, some of the most popular in China, are all collecting massive amounts of sensitive user data via their respective operating systems, as are a variety of apps that come pre-installed on the phones. The data is also getting hoovered up by an assortment of other private actors, and researchers worry that the devices in question "send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators." Given private industry's close relationship with the Chinese government, it's more than enough to raise the specter of broader surveillance concerns for mobile users in China.
The PII being collected includes pretty sensitive stuff, including basic user information like phone numbers and persistent device identifiers (IMEI and MAC addresses, advertising IDs, and more), geolocation data (which, obviously, would allow an observer to unmask your physical location), and data related to "social connections"—such as contacts, their phone numbers, and phone and text metadata, the study found. In other words, the recipients of this data would have a pretty clear picture of who is using a particular device, where they are doing it, and who they're talking to. Phone numbers in China are also tied to an individual "citizen ID," meaning that it's inextricably tied to the user's real, legal identity.
All of that data is getting vacuumed up without any user notification or consent, and there's no way to opt out of this data collection, according to researchers. The collection also doesn't stop when the device and the user exit China, despite the fact that different countries have different privacy laws that should impact the way information is collected, the study said. Researchers found that data was sent to Chinese mobile operators even when they weren't providing service (for example, when no SIM card had been inserted into the device).
See also the story earlier today: Bloatware Pushes the Galaxy S23 Android OS to an Incredible 60GB.
Related Stories
Samsung's Android build is 4x bigger than Google's—twice the size of Windows 11:
As a smartphone operating system, Android strives to be a lightweight OS so it can run on a variety of hardware. The first version of the OS had to squeeze into the T-Mobile G1, with only a measly 256MB of internal storage for Android and all your apps, and ever since then, the idea has been to use as few resources as possible. Unless you have the latest Samsung phone, where Android somehow takes up an incredible 60GB of storage.
Yes, the Galaxy S23 is slowly trickling out to the masses, and, as Esper's senior technical editor Mishaal Rahman highlights in a storage space survey, Samsung's new phone is way out of line with most of the ecosystem. Several users report the phone uses around 60GB for the system partition right out of the box. If you have a 128GB phone, that's nearly half your storage for the Android OS and packed-in apps. That's four times the size of the normal Pixel 7 Pro system partition, which is 15GB. It's the size of two Windows 11 installs, side by side. What could Samsung possibly be putting in there?!
[...] Unlike the clean OSes you'd get from Google or Apple, Samsung sells space in its devices to the highest bidder via pre-installed crapware. A company like Facebook will buy a spot on Samsung's system partition, where it can get more intrusive system permissions that aren't granted to app store apps, letting it more effectively spy on users. You'll also usually find Netflix, Microsoft Office, Spotify, Linkedin, and who knows what else. Another round of crapware will also be included if you buy a phone from a carrier, i.e., all the Verizon apps and whatever space they want to sell to third parties. The average amount users are reporting is 60GB, but crapware deals change across carriers and countries, so it will be different for everyone.
(Score: 5, Touché) by Ingar on Thursday February 09 2023, @10:43AM (8 children)
Top Android Phones are Packed with Spyware.
(Score: 3, Insightful) by Rosco P. Coltrane on Thursday February 09 2023, @01:50PM (7 children)
I question whether it is a worse option to be spied on by nefarious Chinese companies and state agencies rather than American ones.
(Score: -1, Troll) by crafoo on Thursday February 09 2023, @02:25PM (2 children)
Your government can easily arrest and imprison you. The Chinese government cannot.
(Score: 4, Insightful) by Freeman on Thursday February 09 2023, @02:48PM
From an individual's perspective that's generally true. Of course, if someone from China empties your bank account, you also have little to no recourse. Tough luck, them's the breaks man.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 4, Interesting) by mcgrew on Thursday February 09 2023, @04:38PM
I had a wordy rebuttal written because I misunderstood what you so poorly tried to communicate. No, the Chinese can't arrest me, but they can convince crazy proud boys to murder the Black people who live across the street, or convince morons that someone born into riches who had three million dollars in the bank at age three is anything like them, or would actually know how to govern.
My government isn't going to bomb my house. The Chinese just might.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 1) by khallow on Thursday February 09 2023, @04:25PM
Especially when it's so easy for those American ones to trade for or steal that information. Very good question indeed. /sarc
(Score: 5, Interesting) by mcgrew on Thursday February 09 2023, @04:30PM (2 children)
That's not very clear thinking there, kid. I vote for representatives in my government, but have no say whatever about the Chinese.
Perhaps my opinion is because of Springfield's socialist power company, the city-owned CWLP. Our rates are historically the lowest in the state, as is our downtime. Why?
If our electricity goes out more than once a decade, or if our bills go up, the Mayor loses his job, as do the aldermen. It's happened here before. We simply vote them out. Now, in Rochester, the next town over, they have Amerin, who have no reason besides the humanity they lost under Reagan to worry about what you pay or how reliable your electricity is. It's not like you can go down the street to their competitor!
"But what about Jackson, Mississippi or Flint, Michigan?" That's what happens in a racist state. In Michigan and Mississippi, Black lives don't matter and there are a lot more White racists who would rather see the Blacks all die.
All utilities like gas, electricity, water, etc should be run by the local government so the citizens actually have a say. Where there's a natural monopoly, there can be no competition. Without competition there can be no real capitalism.
Sorry I veered off-course a little, but you government haters ("the ten scariest words in the English language are 'I'm here from the government and I'm here to help'." --Ronald Reagan) are fucking STUPID (Reagan died of Alzheimer's). I suspect that with an attitude like that, Reagan was a communist at heart, because that statement would be true in Russia or China.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 4, Disagree) by Rosco P. Coltrane on Thursday February 09 2023, @06:12PM (1 child)
Because you think your vote has any more meaning in the US than in China? How cute.
Have you seen the choices of candidates on offer? They're all super-rich conniving corrupt sumbitches. Yeah you have the choice to vote for one super-rich corrupt sumbitch or another super-rich corrupt sumbitch. Some choice...
China sucks but at least they don't pretend to be a democracy.
(Score: 1, Informative) by Anonymous Coward on Thursday February 09 2023, @08:02PM
Quityerbellyachin'!
The voters decide who gets on the ballot, usually by letting other people do it. Less than 2% of them vote for independents because the other 98% drinks mass media kool-aid and believe their comfortable lies instead of organizing, in fact it's personal antipathy and plain old selfishness which drives them to vote the way they do. All this whining about "no choice" is just denial of personal responsibility
(Score: 5, Touché) by Rosco P. Coltrane on Thursday February 09 2023, @01:15PM (2 children)
Someone show me how I can opt out of American corporate surveillance. Last I checked, Google and Apple are siphoning off your data without your consent too, without telling you what they collect, and there's no off switch either.
(Score: 1, Touché) by Anonymous Coward on Friday February 10 2023, @03:53AM (1 child)
(Score: 1, Interesting) by Anonymous Coward on Friday February 10 2023, @07:56AM
Good links, thanks! Pity the Murena does not have a removable battery.
(Score: 4, Informative) by Mojibake Tengu on Thursday February 09 2023, @01:44PM (5 children)
I regularly buy Chinese phones. Obscure brands like Aligator, MyPhone, Maxcom, iGet, Energizer, CUBE1, Evolveo or TCL. By dozens.
Point is: they are not smart phones at all, everything is just buttons, 2'' display, cheap camera for tiny image MMS, very low memory, incapable of anything.
And they are absurdly cheap, often close to the price of just a new battery replacement.
For a price of a single iPhone, I can have about forty of such bunrolls. Or twenty for price of an Android.
I can easily maintain them and even mutilate them with little electronics skills. Wire them to serial port of my gadgets for SMS control.
This is exactly what a true GSM Terminal Device should be and was intended in original concept of mobile networks.
Need a phone for a dirty job? Grab one pristine package from a drawer, scratch it all after...
Respect Authorities. Know your social status. Woke responsibly.
(Score: 3, Funny) by Rosco P. Coltrane on Thursday February 09 2023, @01:48PM (4 children)
How's reading emails, videoconferencing or visiting websites working on for you on your feature phones?
(Score: 3, Redundant) by Mojibake Tengu on Thursday February 09 2023, @03:39PM (2 children)
I don't do that on a phone. Never. It is silly to do that on a phone.
Only platforms under full control by me are allowable to handle emails and websites. Smart phone is not such a platform by definition.
I keep two separate computers 100% dedicated for banking only and nothing else. I keep own domains, email addresses and phones, dedicated for communication with banks and authorities only, strictly separated from my own domains and email addresses allocated for public presence, shopping and stuff.
I never do videoconferencing since it is a huge random information leak by any security standard and for all possible meanings of information.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 3, Insightful) by Rosco P. Coltrane on Thursday February 09 2023, @04:06PM (1 child)
That you choose not to use a mobile spyware platform to conduct private business, I'm totally onboard with that.
But claiming smartphones are not a platform to check websites or get emails is beyond stupid. Smartphones are nothing other than pocket computers. They're useful to look up something, find an address (and get directed to it), stay in touch with other human beings and a multitude of other things on the go. Your beef with those mobile computers being compromised by big data monopolies and barely constitutional US three-letter agencies out of the box doesn't negate the usefulness of the services they offer - which is the crux of the problem in fact.
(Score: 5, Insightful) by mcgrew on Thursday February 09 2023, @04:52PM
I check my email as often as I check my snail mail: once a day, if that. No need whatever to do it on a phone. Now websites? Sure, what else am I going to do in a waiting room now since they replaced all the magazines with TVs? I have the Kindle app on it, too, but use my dedicated e-book reader at home. And at home I'll use the tablet to surf the net, except for a site like S/N that requires typing; I hate typing without a keyboard!
mcgrewbooks.com mcgrew.info nooze.org
(Score: 4, Interesting) by mcgrew on Thursday February 09 2023, @04:46PM
That's what computers with keyboards are for. IMO using your easily lost or stolen phone for commerce is brain-dead stupid. There's absolutely no identifiable information on my smartphone except the address book.
The right tool for the right job. Video conference? Tablet. Pay bills? Computer. Make a phone call or text? THAT'S WHAT A PHONE IS FOR. Using a screwdriver as a pry bar or a chisel will ruin your screwdriver. Use the proper tool for the job!
mcgrewbooks.com mcgrew.info nooze.org
(Score: -1, Flamebait) by crafoo on Thursday February 09 2023, @02:28PM (2 children)
Oneplus are good phones. good tech, well priced.
The Chinese government has a full profile of my internet history? Oh no. I can't see how that will ever be a problem for me. It's weird because they actually seem to hate me less than progressives in this country so...
(Score: 2, Insightful) by Anonymous Coward on Thursday February 09 2023, @02:58PM
May i just say, that just because you don't know how your information could be used wrong doesn't mean it can't. That's how scams work.
(Score: 3, Touché) by Sjolfr on Thursday February 09 2023, @05:17PM
Well, everything your phone can collect; phone calls, internet use, contacts lists, GPS and location, information on all the networks your phone gets near, all bliuetooth device data that the phone comes within range of, all of your app usage and data, etc., etc.. Plus, with the phone in US networks there are a lot of network-level sensitive things that can be gathered; tower locations, tower technology, satallite positions and tech, etc., etc.. Add in to that learning how american systems work in general, like phone-to-tower negotiations, device level authentication, and general security checks.
While it may not be a problem for you, in this very moment, it is a problem in general.
(Score: 4, Interesting) by Freeman on Thursday February 09 2023, @02:59PM (11 children)
Yes, there is a giant problem with a government baking in spyware into top model phones or any phones that are being sold.
In the event that China is spying on you using your phone:
#1 Do you really want them to have your bank account information? Sure, sure, don't use your phone for banking. Right, good luck with that. I perhaps should know better, but have still used my phone for banking. Not any time recently, but I have.
#2 I use my phone for notes. Maybe not especially sensitive notes, but I would likely count it as fairly secure. As I generally have and/or know where my phone is at all times. I'm certainly not terribly careful about the notes I put on my phone. Yes, plain-text, unencrypted. So Sue Me. I'm certainly not the only one.
#3 Giving China a giant pass on it is just as bad, if not worse than giving the USA or any other country a giant pass on it.
#4 Your own country / government should ideally have the best interest of it's citizens in mind. Or at least, certainly have more incentive to do so. Than a foreign country, like China. Especially one that is well documented in it's attempts to steal, lie, and cheat when it comes to doing business with other countries. China first, is a very real thing.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by mcgrew on Thursday February 09 2023, @04:56PM (10 children)
#1 Do you really want them to have your bank account information? Sure, sure, don't use your phone for banking. Right, good luck with that. I perhaps should know better, but have still used my phone for banking.
Before I call you a fool, perhaps I should ask you why you did such a foolish thing? Is your phone your only computer? The rest of the comment was intelligent.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 2) by Freeman on Thursday February 09 2023, @06:40PM (2 children)
Nah, it was just convenient. Which is why I suspect a large number of people also do that.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2, Funny) by Anonymous Coward on Thursday February 09 2023, @08:11PM (1 child)
"Give Me Convenience or Give Me Death!"
(Score: 3, Touché) by Freeman on Friday February 10 2023, @02:22PM
Hey now, those two aren't mutually exclusive. It most definitely can be both!
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2, Interesting) by Anonymous Coward on Friday February 10 2023, @01:10AM (6 children)
(Score: 2) by optotronic on Friday February 10 2023, @03:09AM (3 children)
Sounds like you chose the wrong bank.
(Score: 0) by Anonymous Coward on Saturday February 11 2023, @01:07PM (2 children)
(Score: 0) by Anonymous Coward on Sunday February 12 2023, @10:08AM (1 child)
Let this be a lesson for you and next time choose a better country. Better parents too. Maybe on an island somewhere.
(Score: 0) by Anonymous Coward on Sunday February 12 2023, @05:14PM
(Score: 0) by Anonymous Coward on Friday February 10 2023, @07:51AM
My primary bank has done this. You can't send them email. You can't do much on the website except transfers and viewing information. They really want you to install and use their app.
(Score: 4, Interesting) by janrinok on Friday February 10 2023, @09:01AM
I have found something similar - it is not just a US phenomenon.
Here the regional French banks do not even handle money directly. Try to rob the bank and all you will get are the computer terminals. If you want cash you have to use the ATM - which is fine, they are kept well stocked and there are plenty of them around. You can also deposit cash into another machine. There is the need for at least one working day between making a deposit and being able to withdraw that cash out again and that excludes weekends. There is only one person acting as the receptionist who can assist with any queries or make international bank transfers on one's behalf if you are having a problem. There are other staff behind the scenes as it were and you can make an appointment for a consultation for anything more than everyday transactions. Consultations are free so the only downside is that you have to be there in person.
Bank robberies are now down to very low levels compared with a decade ago. Queries over the phone are possible but one has to jump through various security hoops before you can actually discuss the problem that you are encountering. Stopping lost or compromised debit and credit cards is simple and efficient - getting one unblocked because you type in the wrong PIN too many times is very difficult - it is easier to simply say that it has been damaged and wait 48 hours for a new one.
I can do direct bank transfers on my phone using their app, but it will not tolerate Firefox, Brave or any chrome variants. My UK bank is better in this regard as they acknowledge that by living in France they cannot expect me to pop in to see them very often. They value my account more than they would like me to transfer it here to France.
What the banks have done is to remove any blame for bad transactions from them to you - "you must have done something wrong". You bear any losses if somebody else accesses your account - "you must have compromised your bank details somehow". At the same time they have reduced the number of staff that they employ so they can make even more profit from "letting you bank with them". Changing banks achieves nothing in any practical terms - that is how banking is now.
(Score: 2) by Rich on Thursday February 09 2023, @05:10PM
First, note that the title says "Android Phones FROM China", and the link says "Android devices SOLD IN China". That's a significant difference. (And what job has Cornell in analyzing foreign phones anyway? Little CIA grant?)
About those FROM China, I made an old post where I was asking myself how a Doogee X5 Pro (turned out to be a really good phone, except for the crappy camera) could make it to my doorstep for 80 euros. I calculated how expensive it would be to supply at least one direct contact of nearly every person. I came to a conclusion, roughly, that even if the gov't would chip in like 100 bucks per phone, they'd get a cheap deal on near total surveillance, compared to what satellites and other classic methods cost.
(Score: 5, Informative) by bart9h on Thursday February 09 2023, @07:02PM (1 child)
The first thing I did was to replace the system with LineageOS.
Yes, when I go choose a phone to buy, I start with the list of phones officially supported by LineageOS. The downside is that it narrows the possibilities for choosing a model. The upside is that it narrows the possibilities for choosing a model.
(Score: 0) by Anonymous Coward on Friday February 10 2023, @01:19AM
When I require sdcard, infrared, RAM >=8GB and up to EUR250 and 2020 or later into gsmarena I just get Xiaomi: https://www.gsmarena.com/results.php3?nYearMin=2020&nPriceMax=250&nRamMin=8000&chkInfrared=selected&idCardslot=1 [gsmarena.com]
All the android phones come with spyware baked in anyway (you think Samsung phones with even more bloated OS won't spy on you given a chance?), so might as well get the Chinese Gov to subsidize it? 😉