Do Chinese Smartphones respect your privacy and security?!

Summary

This cybersecurity assessment concludes that the decomposition analysis performed on mobile devices of these Chinese manufacturers identified 10 instances of increased cybersecurity risk.

Risk #1

When the user intends to install an app on a Huawei device, a search for the application is performed in the official preinstalled AppGallery store. If the application is found, it is downloaded and installed on the device. However, if the application is not found in Huawei's official app store, the user is automatically directed to peripheral application distribution platforms (like APKMonk, APKPure and Aptoide), and the app is downloaded from them. Once the device finishes downloading the APK file, the installation of the application starts.

Risk #2

In the Xiaomi device, factory-installed system applications send statistical data on the activity of certain applications installed on the device to servers of the Chinese cloud service provider Tencent. These servers are located in Singapore, the USA, the Netherlands, Germany and India.

Risk #3

When a user chooses to use Xiaomi cloud services, the user’s mobile phone number is registered on servers located in Singapore. The device does this by sending an encrypted SMS message to a special phone number, as shown in Figure 12. This happens without the user’s knowledge, and the sent message is immediately deleted from the sent message log.

Risk #4

Xiaomi system applications (like Security, MiBrowser, Cleaner, MIUI Package Installer and Themes) have been found to regularly download the manufacturer’s updated JSON file “MiAdBlacklistConfig” from a server located in Singapore. This file contains a list composed of the titles, names and other information of various religious and political groups and social movements.

The conclusion of NCSC

NCSC recommends that users take an interest in the software and hardware used, and responsibly evaluate the proposed functionality of the equipment. In simple words, they want you to acknowledge that you still want to use these phones, after finding out about these security risks.

CyberSecurity Assessment of Chinese Smartphones for Security and Privacy

Alireza Mortazavi
