According to a Nitrokey study, Qualcomm is transferring personal data from cellphones without customers’ authorization, even when they are running Google-free Android variants.
Nitrokey researchers determined that vendor software associated with the chip maker is to blame for the data leakage, which might affect Qualcomm-powered smartphones such as the Sony Xperia XA2 and Fairphone. The data provided is not encrypted, posing serious threats to user privacy and security.
Users that choose non-Google versions of Android to secure their data may be vulnerable to proprietary vendor applications. Nitrokey advocates for alternatives to Google’s monitoring and tracking techniques, such as a de-Googled Android phone that uses an open-source app store rather than downloading APK files directly from vendor websites.
Qualcomm’s A-GPS service is in charge of uploading personal data to servers through the obsolete HTTP protocol, which includes unique device IDs, country codes, and operator codes, creating substantial dangers to user privacy and security. Qualcomm’s proprietary software, according to Nitrokey, poses major dangers to user privacy and security, affecting even de-Googled devices that require proprietary software to maintain the hardware.
Nitrokey advises impacted customers to block the Qualcomm XTRA service using a DNS-over-TLS cloud-based block service or re-route traffic to the GrapheneOS proxy server. This, however, necessitates technical knowledge and does not offer the same level of protection as Nitrokey’s dedicated open-source NitroPhone.
The sources for this piece include an article in Nitrokey.