Apps pre-installed on China phones transmit more collected data than usual, even without consent or notification. A study shows that.
Smartphones with the Android operating system bought in China have a number of pre-installed apps that transmit significantly more data to manufacturers and developers than usual. Since sensitive data is also affected, this violates western data protection rules, say three researchers from Scotland and Ireland. They conducted a corresponding study using cell phones from the brands Xiaomi, OnePlus and Oppo as well as Realme.
As part of their investigation, the researchers observed the data exchanged between the operating system and system apps in order to exclude software installed by users. In doing so, they provided that the users did not consent to the analytics and personalization offered, did not use cloud storage or optional third-party services, and did not create an account on the platforms operated by the developers of the Android distribution. None of these measures seem to help your own data protection.
The study, titled “Android OS Privacy Under the Magnifying Glass – A Tale from the East,” found that more than 30 different apps and other third-party software were preinstalled on the Android smartphones with Chinese firmware. This includes Baidu Map as a navigation aid and the AMap software based on it, which runs continuously in the background. There are also various apps for news, video streaming and online shopping.
Data transfer even without a SIM card
The three researchers from the Universities of Edinburgh and Dublin explained that all Android phones of the brands mentioned transmit personal data not only to the smartphone manufacturer, but also to Baidu or Chinese mobile phone providers. This even happened when there was no connection to the Chinese mobile operator, for example when the cell phone was operated without a SIM card or with a SIM card from another provider.
The information transmitted includes device IDs such as IMEI or MAC address, location data such as GPS coordinates or mobile phone ID, user data such as phone number, app usage statistics or telemetry, and social data such as call and SMS history or data from contacts. Combined, this information would pose a high risk of user de-anonymization and extensive tracking, according to the study. Especially since every phone number in China is registered under a Chinese Resident ID.
Tracking outside of China
The data collection also continues when the mobile phone leaves China, although the data protection rules outside of China are usually much stricter. China could also monitor travelers and students studying abroad and collect data on their foreign contacts.
The study also explains that Android phones in China come with three or four times more pre-installed third-party apps compared to Android phones in other countries. And these apps require eight to 10 times more permissions than Android distributions outside of China.
TechAint 