A group of researchers from the University of Edinburgh and Trinity College Dublin published an article titled “Android OS Privacy Under the Loupe – A Tale from the East,” which revealed that China’s top Android phones collect far more information than they are supposed to.
“China is currently the country with the largest number of Android smartphone users. We use a combination of static and dynamic code analysis techniques to study the data transmitted by system applications pre-installed on Android smartphones from three of the most popular suppliers in China,” said the researchers.
According to the researchers, Chinese-made Android phones come preloaded with apps that send sensitive data to third-party domains without consent or notice. An examination of smartphones with Chinese-market firmware reveals that they are pre-installed with applications that transmit sensitive privacy data to third-party domains without consent or notice. This situation raises concerns about China’s ability to monitor citizens outside of its borders.
They also point out that, while all of their tests were performed on phones purchased in China, they recognize that handsets can behave differently if they detect that they are outside of China.
To account for this, the researchers established a network tunnel between their installation and a Huawei Cloud instance in Shanghai. “The IP address observed by the back server is therefore that of the Huawei Cloud server located in Shanghai. We configured each handset using Chinese as the language to simulate a local user,” reads the document.
To exclude user-installed software, the researchers focused on information transmitted by the operating system and system apps. They assume that users have opted out of analytics and personalization, that they do not use cloud storage or optional third-party services, and that they have not created an account on any platform run by the Android distribution’s developer. A reasonable policy, but it does not appear to be very effective.
The sources for this piece include an article in TheRegister.