The National Security Center of the Lithuanian Ministry of Defense has issued a frightening report on Chinese phones sold in the European Union. Experts have carefully studied three models: Huawei P40 5G, Xiaomi Mi 10T 5G and OnePlus 8T 5G. And they found four “significant” risks in two of them – Huawei and Xiaomi.
Based on the data obtained, the department recommends that Lithuanian citizens dispose of their Chinese phones.
What does the investigation show?
Two of them concern applications that are installed on phones, one of them concerns the security of users’ personal data, and the other – violation of freedom of speech. Three of them are found in the Xiaomi model and one – in the Huawei model. No vulnerabilities were detected in the OnePlus model.
Carefully studying the HuaweiP40, experts found that AppGallery, the official app store that users are forced to use due to the lack of a Google Play Store, automatically redirects the search to third-party app stores when the app you’re looking for isn’t available. Some of the applications in these stores are recognized by antivirus programs as problematic: infected with viruses or malware.
The second problem affects the Mi Browser Internet browser on Xiaomi devices. In addition to using Google Analytics, as in other browsers, it also has built-in Chinese Sensor Data software, which collects and periodically sends data on 61 functions related to how the user uses the device. This data is sent to the Xiaomi server outside the European Union, which is a violation of the GDPR.
“Xiaomi devices do not censor data,” the BBC quoted a company spokesman as saying. He added that the company complies with GDPR requirements.
Huawei has told the British media that it complies with the laws and regulations of the countries in which it operates, and gives priority to confidentiality and secrecy. A manufacturer’s representative also said that the phone does check the security of applications.
There is another problem with Xiaomi devices: the possibility that content viewed and created on the phone may be censored. Many applications, including Mi Wrower, periodically download banned keyword lists. If the content that the user downloads from the Internet includes any of them, the download is blocked.
At the time of the investigation, the list included 449 words and combinations in Chinese, including those related to Tibet, Taiwan, democratic movements, and others. This feature is excluded in models sold in the country, but still available and can be remotely activated and supplemented at any time without user permission.
The issue of privacy again concerns Xiaomi, in particular the built-in cloud service. To activate it, you need to send SMS, the content of which is encrypted, and you can not say exactly what data the phone sends.
“Our recommendation is that people do not buy new Chinese phones and get rid of already purchased smartphones as soon as possible,” said Deputy Defense Minister Margiris Abukevicius.