The problem with apps collecting and sharing users’ personal information behind their backs exists all over the world. However, in china is on another level. This was revealed by a recent investigation carried out on Android phones sold by Xiaomi, OnePlus and Realme in the Asian giant. It showed that they arrive loaded with pre-installed applications that record all kinds of sensitive data and send it to third parties.
The Register echoed the work of three university students—two from the University of Edinburgh, Scotland, and the remainder from Trinity College in Ireland—who made the shocking discovery. The results were obtained by studying the software of three of the most popular Android mobile models of the aforementioned Chinese brands. They specifically focused on the Redmi Note 11, from Xiaomi, the OnePlus 9R and the Realme Q3 Pro.
Analysts found that each of the aforementioned phones came with more than 30 third-party app bundles. Several of which ran continuously in the background to capture and share personal information without the users realizing it.
In the case of the Xiaomi mobile, it was found that between the bloatware apps like Baidu Input and Sogou Input appeared. While those of OnePlus and Realme —two of BBK’s subsidiaries along with Vivo and Oppo— had in common the presence of navigation applications such as Baidu Map and Amap, the latter belonging to the Alibaba Group.
Other pre-installed software packages on the aforementioned Android phones included video streaming services, online shopping and news portals. and they all had virtually unrestricted access to all types of personally identifiable information. Material that was sent not only to smartphone manufacturers, but also to Baidu (the Chinese Google) and mobile phone providers.
The main Android mobile brands shamelessly spy on their users in China
The authors of the investigation identified the parameters registered by each of the analyzed Android mobiles, and the results are alarming. And they make it clear that the companies involved They have set up an infrastructure specifically designed to spy on their users.
“We found that an alarming number of pre-installed system, carrier, and third-party apps are being granted dangerous privileges. Through traffic analysis, we found that these packets transmit to many third party domains sensitive privacy information related to the user’s device (persistent identifiers), geolocation (GPS coordinates, network related identifiers), user profile (number phone numbers, app usage) and social relationships (e.g. call history), without consent or even notification.”
Haoyu Liu, Paul Patras and Douglas Leith, authors of the research.
But what is interesting about this story is that the invasive behavior of the bloatware not limited to operating within China. When users travel outside the country, they continue to collect a large amount of information, even despite the stricter laws that apply in many Western territories. Something that is aggravated when considering that all Chinese telephone lines are registered under a personal identification.
Certainly, none of the Android mobile brands analyzed is standing well. In the specific case of Xiaomi, the researchers found that the Redmi smartphone was sending information to an external tracking URL every time the pre-installed Camera, Messages, Notes and even the sound recorder apps were opened. But not only that, since the behavior was the same when entering the mobile settings.
In addition, the devices attempted to send sensitive information when mobile networks were not available or when a phone line from a different provider was used. And also even if the presence of a SIM card was not detected.
What happens in the rest of the world
Finally, the researchers conducted a cross-regional comparison of Android versions used in Chinese mobiles, with their global counterparts created by the same developers. “We found that the number of third-party applications pre-installed in Chinese OS distributions is 3-4 times higher than for its corresponding global distribution. And that they receive 8 to 10 times more permissions than third-party apps in global distributions.including many more of those that are classified as dangerous,” they explained.
Let’s remember that none of the brands mentioned in the study use the “pure” versions of Android on their mobiles. Xiaomi has its own distribution called MIUIbased on Google OS, while OnePlus does the same with OxygenOS. While Realme used ColorOSfrom Oppo, until in 2020 it adopted Realme UIits own customization layer on top of Android.
