Kuvanzika kweiyo Android inoshanda sisitimu pasi pegirazi rinokudza
Munguva ichangopfuura nhau yakabuda kuti boka re vaongorori kubva kuYunivhesiti yeEdinburgh vakaburitsa mhedzisiro de ongororo yakaitwa mu smartphones mhando Realme, Xiaomi uye OnePlus yakapihwa kumisika yeChinese neyepasirese uye kwavakaona kuti izvi vaive nechimwe chinhu, "personal data leaks".
Izvo zvakawanikwa kuti zvese zvishandiso zvine firmware zvinotengeswa kuChina zvinotumira rumwe ruzivo kumaseva ekuunganidza telemetry, senge nhamba yefoni yemushandisi, nhamba dzekushandiswa kwechikumbiro, pamwe nedata renzvimbo, IMSI (Individual Subscriber Number), ICCID (SIM Card Serial Number) uye mapoinzi akatenderedza mawaya ekupinda mapoinzi. Zvakare, Realme uye OnePlus zvishandiso zvakanzi kufambisa kufona uye nhoroondo yeSMS.
China parizvino ndiyo nyika ine nhamba huru yevashandisi veAndroid smartphone. Isu tinoshandisa musanganiswa weiyo static uye inosimba kodhi yekuongorora maitiro ekudzidza dhata inofambiswa nesystem maapplication akafanoiswa paAndroid smartphones kubva kune vatatu vevanonyanya kufarirwa vatengesi muChina.
Isu takaona kuti nhamba inotyisa yepre-yakaiswa system mutengesi uye wechitatu-bato maapplication ane njodzi ine njodzi.
Zvakakodzera kutaura izvozvo mune firmware yemusika wepasi rose, chiitiko chakadaro hachicherechedzwe kunze kwekunge kwasaraSemuenzaniso, Realme zvishandiso zvinotumira MCC (nyika kodhi) uye MNC (mobile network kodhi), uye Xiaomi Redmi zvishandiso zvinotumira data nezve yakabatana Wi-Fi, IMSI, uye mashandisirwo ehuwandu.
Pasinei nerudzi rwe firmware, zvese zvishandiso zvinotumira IMEI identifier, rondedzero yeakaiswa maapplication, vhezheni yeiyo inoshanda system uye hardware paramita.. Dhata inotumirwa nemugadziri-akaiswa system maapplication pasina mvumo yemushandisi, pasina chiziviso chekutumira, uye zvisinei nekuvanzika marongero uye kutumira telemetry.
Kuburikidza nekuongorora kwetraffic, takaona kuti mazhinji emapakiti aya anogona kuendesa kune akawanda echitatu-bato ruzivo ruzivo rwekuvanzika rune chekuita nemudziyo wemushandisi (inoenderera identifiers), geolocation (GPS).
macoordinates, zviziviso zvine chekuita netiweki), chimiro chemushandisi (nhamba dzerunhare, mashandisirwo eapp) uye hukama hwemagariro (semunhoroondo yekufona), pasina mvumo kana kuziviswa.Izvi zvinounza zvakakomba de-anonymization uye yekutevera, pamwe nenjodzi dzinoyerera kunze kweChina kana mushandisi aenda.
yenyika, uye inodaidzira kuteedzerwa kwakasimba kwemutemo uchangobva kugamuchirwa wedata wakavanzika.
parunhare Redmi, iyo data inotumirwa kune iyo host tracking.miui.com paunenge uchivhura uye uchishandisa maapplication emugadziri akafanomisikidzwa seSettings, Notes, Recorder, Phone, Messages, uye Kamera, zvisinei nemvumo yemushandisi, kutumira data yekuongorora panguva yekutanga kuseta. pamidziyo Realme uye OnePlus, iyo data inotumirwa kune mauto log.avlyun.com, aps.oversea.amap.com, aps.testing.amap.com kana aps.amap.com.
Iyo tunneling server inogamuchira zvinongedzo kubva parunhare uye yokuendesa kune kwainoda kwainoenda, zvinonzi vaongorori vakashandisa mumiriri wepakati kuti akwanise kubata uye decrypt HTTP/HTTPS traffic.
Kuti ubvise zvachose zvikumbiro zvakatangwa nenhare yeHuawei muCloud Messaging iyo inoshandiswa kutarisa yakagashirwa muchina (VM), mugero unonzi unomhanyisa tunneling proxy server wakagadzirwa. Ivo zvakare vakamhanya mitmproxy 8.0.0 ine superuser mvumo pachiteshi 8080 paVM uye yakamisikidzwa iptables kutungamira chero tunneled TCP yekubatanidza kune locahost:8080.
Nenzira iyi, mitmproxy inotaurirana nefoni pachinzvimbo chezvikumbiro kubva kune server endpoints uye inotanga zvikumbiro zvitsva kune yekuenda server endpoints nekuita sefoni, ichibvumira mitmproxy kubata chikumbiro chega chega.
Pamatambudziko akaonekwa, kusanganisirwa mukuunzwa kwezvimwe zvikumbiro zvebato rechitatu, izvo zvinopihwa mvumo yakawedzerwa nekukasira, zvinomira pachena. Pakazara, zvichienzaniswa neiyo Android AOSP codebase, imwe neimwe inofungidzirwa firmware inouya neanopfuura makumi matatu echitatu-bato maapplication akaiswa kare nemugadziri.
Chekupedzisira, kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kubvunza iyo ruzivo mune inotevera chinongedzo.
Chii chitsva, izvo hazviitike chete nefoni dzeChinese, zvinoitika nemafoni ese epasi uye ani nani anotenda neimwe nzira haazive.
Ichokwadi kuti nharembozha inodonha data uye kuti izvi hazvishamise, asi kupihwa sarudzo, ndinosarudza kuipa kuGoogle pane kuhurumende yeChina.
Iko hakuna nhau nezve yakataurwa kudzidza, inoratidzika kunge yakanyatso kurongeka mumamiriro ezvinhu aripo. Chokwadi, hapana 100% yakachengeteka smartphone.