Watch out! These 2 HP Brands Steal Data Sent to China, Do You Have It?
Photo: Xiaomi CC9 & Oppo F5
Owners of Android cellphones made in China seem to have to be more vigilant. The reason is, there is research that reveals Chinese cellphones such as Xiaomi Redmi and Oppo Realme steal personal data and then transfer it to the Bamboo Curtain country.
A report states that Android phones from China are filled with built-in applications that transmit privacy-sensitive data to third-party domains without user consent or notification. This clearly carries potential danger because it could involve important data.
Researchers Haoyu Liu from the University of Edinburgh, Douglas Leith from Trinity College Dublin, and Paul Patras from the University of Edinburgh, show that personal information leaks pose a serious risk to Chinese cell phone customers.
The three researchers analyzed Android system applications installed on cellphones from three popular cellphone vendors in China, namely OnePlus, Xiaomi and Oppo Realme.
As a result, the researchers looked specifically at the information sent by the operating system and system applications.
Photo: Redmi 12. (CNBC Indonesia/Faisal Rahman)
Redmi 12. (CNBC Indonesia/Faisal Rahman)
The collection of pre-installed apps consists of Android AOSP packages, vendor code, and third-party software. There are more than 30 third-party packages on every Android phone with Chinese firmware.
The default Chinese applications detected include Baidu, IflyTek, and Sogou on the Xiaomi Redmi Note 11. On the OnePlus 9R and Realme Q3 Pro, there is Baidu Map as a foreground navigation application and a Map package. And there are also news apps, video streaming and online shopping apps bundled into the Chinese firmware.
"The data we observed being transmitted included fixed device identification (IMEI, MAC address), location identification (GPS coordinates, mobile network cell ID), user profiles (phone numbers, app usage patterns, app telemetry), and social relationships (call history /SMS/time, phone numbercontacts, etc.)," said the researchers in their paper, reported by The Register, quoted Saturday (16/9/2023).
In a paper entitled "Android OS Privacy Under the Loupe - A Tale from the East" the researchers claim that Redmi phones send post requests to the URL "tracking.miui.com/track/v4" every time the Settings, Notes, Recorder, Pre-installed Phone, Messages and Camerapreviously opened and used.
But what's worrying is that the data is still sent even if the user deactivates the "Send Usage and Diagnostic Data" permission during device startup.
Data collection from these devices does not change when the devices leave China even if local jurisdictions impose stronger data protection rules.
"This information poses a serious risk of user identity disclosure (de-anonymization) and extensive tracking, especially because in China every phone number is registered under a citizen ID," they added.
Another finding of researchers is that there are three to four times as many pre-installed third-party apps in Chinese Android distributions as in Androids from other countries. The app gets eight to 10 times more permissions for third-party apps compared to Android distributions from outside China.
Awas! 2 Merek HP Ini Curi Data Dikirim ke China, Kamu Punya?
Foto: Xiaomi CC9 & Oppo F5
Pemilik HP Android buatan China agaknya harus lebih waspada. Pasalnya, ada penelitian yang mengungkap HP China seperti Xiaomi Redmi dan Oppo Realme mencuri data pribadi kemudian ditransfer ke Negeri Tirai Bambu.
Sebuah laporan menyebut bahwa HP Android asal China dipenuhi dengan aplikasi bawaan yang mentransmisikan data sensitif privasi ke domain pihak ketiga tanpa persetujuan atau pemberitahuan pengguna. Ini jelas membawa potensi bahaya karena bisa saja menyangkut data-data penting.
Peneliti Haoyu Liu dari University of Edinburgh, Douglas Leith dari Trinity College Dublin, dan Paul Patras dari University of Edinburgh, menunjukkan bahwa kebocoran informasi pribadi menimbulkan risiko yang serius bagi pelanggan HP China.
Ketiga peneliti tersebut menganalisis aplikasi sistem Android yang diinstal di ponsel dari tiga vendor HP populer di China yakni OnePlus, Xiaomi, dan Oppo Realme.
Hasilnya, para peneliti melihat secara khusus informasi yang dikirimkan oleh sistem operasi dan aplikasi sistem.
Foto: Redmi 12. (CNBC Indonesia/Faisal Rahman)
Redmi 12. (CNBC Indonesia/Faisal Rahman)
Kumpulan aplikasi bawaan (pre-installed apps) terdiri dari paket Android AOSP, kode vendor, dan perangkat lunak pihak ketiga. Ada lebih dari 30 paket pihak ketiga di setiap HP Android dengan firmware Cina.
Aplikasi China bawaan yang terdeteksi antara lain Baidu, IflyTek, dan Sogou di Xiaomi Redmi Note 11. Di OnePlus 9R dan Realme Q3 Pro, ada Baidu Map sebagai aplikasi navigasi latar depan dan paket Map. Dan ada juga aplikasi berita, streaming video, serta aplikasi belanja online yang digabungkan ke dalam firmware China.
"Data yang kami amati sedang dikirim termasuk identifikasi perangkat tetap (IMEI, alamat MAC), identifikasi lokasi (koordinat GPS, mobile network cell ID), profil pengguna (nomor telepon, pola penggunaan aplikasi, telemetri aplikasi), dan hubungan sosial (riwayat panggilan/SMS/waktu, nomor telepon kontak, dll)," kata para peneliti dalam makalah mereka, dilansir dari The Register, dikutip Sabtu (16/9/2023).
Lewat makalah yang berjudul "Android OS Privacy Under the Loupe - A Tale from the East" itu para peneliti mengklaim bahwa ponsel Redmi mengirimkan permintaan posting ke URL "tracking.miui.com/track/v4" setiap kali aplikasi Pengaturan, Catatan, Perekam, Telepon, Pesan, dan Kamera yang sudah diinstal sebelumnya dibuka dan digunakan.
Namun yang bikin khawatir, data tersebut tetap dikirim meskipun pengguna menonaktifkan izin "Kirim Data Penggunaan dan Diagnostik" selama pengaktifan perangkat.
Pengumpulan data dari perangkat ini tidak berubah saat perangkat keluar dari China meskipun yurisdiksi di negara setempat memberlakukan aturan perlindungan data yang lebih kuat.
"Informasi ini menimbulkan risiko serius atas pengungkapan identitas (de-anonim) pengguna dan pelacakan ekstensif, terutama karena di China setiap nomor telepon terdaftar di bawah ID warga negara," imbuh mereka.
Temuan peneliti lainnya adalah bahwa ada tiga hingga empat kali lebih banyak aplikasi pihak ketiga bawaan di distribusi Android China daripada di Android dari negara lain. Aplikasi ini mendapatkan delapan hingga 10 kali lebih banyak izin untuk aplikasi pihak ketiga dibandingkan dengan distribusi Android dari luar China.
0 Comments