- The study claimed that smartphone companies like Xiaomi, OnePlus, Realme, and OPPO collect sensitive information.
- The data collection could easily lead to users being tracked over time, the study said.
- Researchers say tighter privacy controls are needed right away to help people trust technology companies.
The issue of apps secretly collecting and sharing user data is a global concern, but in China, it’s a whole different ballgame, warns a study. According to the study, people buying the best Android phones in China have their personal information stolen. A Gizmodo article based on the study said that the data collection, happening without users’ knowledge or permission, could easily lead to users being tracked over time and their identities being easily revealed.
The study claimed that smartphone companies like Xiaomi, OnePlus, Realme, and OPPO collect a lot of sensitive information about their users through their operating systems and the apps that come pre-installed on their smartphones in China. Researchers are concerned that the devices send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators because a variety of other private actors are also snatching up the data.
What did the researchers say?
There is undoubtedly work to be done by researchers in order to protect the privacy of Chinese users, the report said. The researchers, including Haoyu Liu from the University of Edinburgh, noted that their findings paint a troubling picture of the privacy of user data in the world’s largest Android market. They also mentioned that tighter privacy controls are needed right away to help people trust technology companies, many of which are partly owned by the government.
What was the experiment?
Researchers tried out a number of devices they bought from Chinese manufacturers and did network analysis on them to figure out how important data was being leaked. They assumed that the person using the device would be a “privacy-aware consumer” who had turned off sending analytics and personalisation data to providers and didn’t use cloud storage or “any other optional third-party services.”
According to the study, the PII collected includes sensitive information such as contacts, phone numbers, phone and text metadata, geolocation data, persistent device identifiers (IMEI and MAC addresses, advertising IDs, and more), and basic user information like phone numbers.