Some Nokia 7 Plus phones found to have been sending user data to a Chinese server

The Android ecosystem is not bereft of apps that try to access user information including call logs and SMS data, prompting Google in January to remove those types of apps from the Play Store. However, it appears that it's not only Android apps that are frequently figuring in privacy issues concerning the operating system but also some phones running Android as well.

Citing a tip from Henrik Austad, a report from Norway's media outlet NRK says that a certain batch of Nokia 7 Plus devices may have been sending user data to a server based in China for several months. Austad disclosed irregular activities with his phone involving the transmission of an unencrypted package to China every time the device is turned on or unlocked. The package allegedly contains information about user location, SIM card number, and the phone's serial number.

NRK claims these pieces of information can allow the recipient to monitor the phone's movement in real time. Additionally, it has been found that data was transmitted to the Chinese server with the domain, with the China Internet Network Information Center as the point of contact. The report claims state telecommunications company China Telecom owns that domain.

HMD Global confirmed the issue in a statement to NRK, saying it was due to an error in the packing process of software for that particular batch of the Nokia 7 Plus. The error resulted in the devices accidentally sending data to a server located overseas. However, it added that this was fixed with a software update released in February. It is believed that the data collection component was meant for the Nokia 7 Plus devices sold in China, but was accidentally incorporated into units distributed in Finland.

Finland's data protection authority is now investigating the matter for potential violation of the European Union's General Data Protection Regulation (GDPR), which basically protects the data privacy of all EU citizens, among other provisions. Potential violators may be fined up to €10,000,000 or up to 2% of their total worldwide annual turnover for the preceding financial year in the case of an undertaking.

Source: NRK via Engadget

Report a problem with article
Next Article

Investigation underway into malware attack on the Police Federation of England and Wales

Previous Article

T-Mobile begins piloting fixed wireless broadband in the U.S.

35 Comments - Add comment