Nokia 7 Plus caught sending user data to China, HMD Global under scrutiny in Norway

“From the looks of it, the data tracking package was meant for China variant of Nokia 7 Plus, but was mistakenly added in others, violating GDPR rules”

HMD Global has found itself in a rather awkward situation after certain handsets of the Nokia 7 Plus smartphone were caught relaying private information such as GPS coordinates, SIM card number, and handset serial number to a Chinese data server. The incident, which was previously reported by a Twitter user but went largely unnoticed, was more recently brought up by Norwegian user Henrik Austad, who realised that unencrypted information was being sent from his Nokia 7 Plus to a Chinese server.

The information in question reportedly included the GPS coordinates of the device, SIM card number, phone serial number, and network details. The tip off prompted NRK, Norway’s public broadcaster, to probe the incident. The investigation found out multiple Nokia 7 Plus units were indeed relaying such private information to a Chinese server under the domain, which is located in state-run telecom operator China Telecom’s service.

Nokia 7 Plus FB feat 2

HMD Global, which presently owns the rights to manufacture and sell devices under the Nokia brand, has so far enjoyed relatively smooth sailing, with the company being appreciated for its transparent operations, clear firmware in devices, regular and frequent updates and an overall no-frills approach to phones in general. The company has stated that the data collection occurred because of an “error” in the firmware coding and the same has already been rectified in a January software update that most users of the device in question have installed.

Further investigation has revealed that the code in question for data collection and transmission was originally written back in 2014. With this code, the devices were programmed to transmit data to a target server whenever it was switched on, or whenever the screen was unlocked or even activated. The code itself was contained in a folder that was rather non-cryptically named ‘China Telecom’, suggesting that the intended code was written for China-specific devices and may have been included in a non-China exclusive device unintentionally.

HMD Global will certainly hope that is the case, failing which will make the company liable for violating the stricter GDPR rules in the European Union. The stringent EU privacy laws impose strict penalties on those who violate fundamental privacy rights. It is not yet clear if any further private data was transmitted by this code and HMD Global has defended itself by stating that the information transmitted did not include any personal identifier of any user. The Office of the Data Protection Ombudsman in Finland is presently investigating the incident.

Nokia 7 Plus Specifications
Octa core (2.2 GHz, Quad Core + 1.8 GHz, Quad core)
Snapdragon 660
6.0 inches (15.24 cm)
1080x2160 px, 402 PPI
12 MP + 13 MP Dual Primary Cameras
Dual-color LED Flash
16 MP Front Camera
3800 mAh
Fast Charging
USB Type-C port
Nokia 7 Plus Price View All
Rs. 23,699.00
Go To Store
Nokia 7 Plus Video
A lover of anything that has a circuit and involves physics, Shouvik is passionate about technology, science and journalism in equal parts. When not at work, he prefers reading up on ancient history, sports and engineering, going on random photography expeditions, and occasionally a long solo drive. He's also neck-deep into science fiction, and is working on a debut novel that he hopes will one day be read by Steven Erikson.
Facebook Comments