Realme, Xiaomi and OnePlus smartphones found to leak personal data


The privacy of the Android operating system under the magnifying glass

News recently broke that a group of researchers from the University of Edinburgh published the results of an analysis of Realme, Xiaomi and OnePlus smartphones supplied to the Chinese and global markets, in which they detected "personal data leaks".

It was found that all devices with firmware for sale in China send additional information to telemetry-collection servers, such as the user's phone number, application usage statistics, location data, IMSI (Individual Subscriber Number), ICCID (SIM Card Serial Number) and surrounding wireless access points. Realme and OnePlus devices have also been reported to send call and SMS history.

China is currently the country with the largest number of Android smartphone users. We use a combination of static and dynamic code analysis techniques to study data transmitted by system apps pre-installed on Android smartphones from three of the most popular vendors in China.

We found that an alarming number of pre-installed system vendor and third-party apps have dangerous privileges.

It is worth mentioning that in firmware for the global market such activity is not observed, with some exceptions. For example, Realme devices send MCC (country code) and MNC (mobile network code), and Xiaomi Redmi devices send data about connected Wi-Fi, IMSI, and usage statistics.

Regardless of the type of firmware, all devices send an IMEI identifier, a list of installed applications, the version of the operating system and hardware parameters. The data is sent by manufacturer-installed system applications without user consent, without notifying the user that it is being sent, and regardless of the privacy and telemetry settings.

Through traffic analysis, we found that many of these packets can transmit to many third-party domains sensitive privacy information related to the user's device (persistent identifiers), geolocation (GPS coordinates, network-related identifiers), user profile (phone number, app usage) and social relationships (e.g. call history), without consent or even notification.

This poses serious de-anonymization and tracking risks, as well as risks that spill over outside of China when the user leaves the country, and calls for more rigorous enforcement of recently adopted data privacy legislation.

On a Redmi phone, the data is sent to the host tracking.miui.com when opening and using the manufacturer's pre-installed apps such as Settings, Notes, Recorder, Phone, Messages, and Camera, regardless of whether the user consented to sending diagnostic data during initial setup. On Realme and OnePlus devices, the data is sent to the hosts log.avlyun.com, aps.oversea.amap.com, aps.testing.amap.com or aps.amap.com.

The researchers mention that they implemented an intermediary proxy to be able to intercept and decrypt HTTP/HTTPS traffic: the tunneling server receives connections from the phone and forwards them to the intended destinations.

In order to completely isolate requests initiated by a Huawei phone in the Cloud Messaging that is used to monitor the hosted virtual machine (VM), a tunnel called running the tunneling proxy server was created. They also ran mitmproxy 8.0.0 with superuser permissions on port 8080 on the VM and configured iptables to redirect any tunneled TCP connections to localhost:8080.

In this way, mitmproxy answers the phone's requests on behalf of the server endpoints and initiates new requests to the destination server endpoints by posing as the phone, which allows it to intercept each request.
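Once the proxy has decrypted the traffic, an auditor can check each request for the test handset's own identifiers, including encoded or hashed forms. The following is an added example, not the researchers' code: the identifier values, request records, paths and function names are constructed for illustration, and only the host names come from the article.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

# Constructed identifiers of the audit handset (placeholders, not real values).
DEVICE_IDS = {
    "IMEI": "490154203237518",
    "IMSI": "460001234567890",
    "ICCID": "89860012345678901238",
}


def needles(value):
    """Forms in which one identifier may appear on the wire."""
    raw = value.encode()
    return {
        "plain": value,
        "base64": base64.b64encode(raw).decode(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def find_leaks(requests, device_ids=DEVICE_IDS):
    """Return sorted (host, identifier, encoding) triples found in decrypted requests."""
    hits = set()
    for req in requests:
        # URL-decode first so percent-encoded values (e.g. base64 padding) match.
        haystack = unquote(req["path"]) + "\n" + unquote(req["body"])
        lowered = haystack.lower()
        for name, value in device_ids.items():
            for encoding, needle in needles(value).items():
                # Hex digests may arrive upper-cased; base64 is case-sensitive.
                text = lowered if encoding in ("md5", "sha256") else haystack
                if needle in text:
                    hits.add((req["host"], name, encoding))
    return sorted(hits)


# Constructed flows, shaped like a proxy export; paths and bodies are invented.
b64_iccid = quote(base64.b64encode(DEVICE_IDS["ICCID"].encode()).decode())
md5_imei = hashlib.md5(DEVICE_IDS["IMEI"].encode()).hexdigest().upper()
SAMPLE = [
    {"host": "tracking.miui.com", "path": "/t?d=" + md5_imei, "body": ""},
    {"host": "log.avlyun.com", "path": "/l", "body": "a=460001234567890&s=" + b64_iccid},
    {"host": "example.invalid", "path": "/ping", "body": "ok=1"},
]

if __name__ == "__main__":
    print(find_leaks(SAMPLE))
```

Matching on the handset's known values rather than on generic digit patterns keeps false positives low and still catches identifiers that were hashed or base64-encoded before sending.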

Among the problems identified, the bundling of additional third-party applications, which are granted extended permissions by default, also stands out. In total, compared to the Android AOSP codebase, each firmware examined comes with more than 30 third-party applications pre-installed by the manufacturer.

Finally, if you are interested in knowing more about it, you can consult the details in the following link.



  1.   typhus said

    What a novelty, that does not happen only with Chinese mobile phones, it happens with all mobile phones in the world and whoever believes otherwise is ignorant.

  2.   user12 said

    It is true that mobile phones are a data leak and that this is not surprising, but given the choice, I prefer to give it to Google than to the Chinese government.

  3.   alex borrell said

    There is no news about said study, it seems to be very polarized in the current circumstances. The reality, there is no 100% secure smartphone.