Here’s how Xiaomi, Realme and OnePlus spy on their Android phone users in China

The problem with applications that collect and distribute personal information of users behind their backs exists all over the world. However, China on a different level. This was revealed by a recent investigation conducted on Android phones sold Xiaomi, OnePlus and Realme at the Asian giant. It showed that they arrive with pre-installed applications that record all kinds of sensitive data and send it to third parties.

Register replicated the work of three university students—two from the University of Edinburgh in Scotland and the rest from Trinity College in Ireland—who made a shocking discovery. The results were obtained by examining the software of the three most popular Android mobile models of the aforementioned Chinese brands. They paid particular attention to Redmi Note 11 from Xiaomi, OnePlus 9R and Realme Q3 Pro.

Analysts have found that each of the aforementioned phones comes with over 30 third-party app bundles. Some of them were constantly running in the background to collect and share personal information without the knowledge of users.

In the case of the Xiaomi mobile phone, it was found that between viruses Apps such as Baidu Input and Sogou Input have emerged. While OnePlus and Realme — two subsidiaries of BBK along with Vivo and Oppo — shared the presence of navigation apps like Baidu Map and Amap, the latter is owned by Alibaba Group.

Other pre-installed software packages on the aforementioned Android phones included video streaming services, online stores, and news portals. and they all had virtually unlimited access to all types of personal information. Material that was sent not only to smartphone manufacturers, but also to Baidu (Chinese Google) and mobile phone providers.

Major Android mobile brands shamelessly spy on their users in China

The authors of the study determined the parameters recorded by each of the analyzed Android mobile devices, and the results are alarming. And they make it clear that the companies involved They have created an infrastructure specifically designed to spy on their users..

“We have found that an alarming number of pre-installed system, carrier and third-party applications are being given dangerous privileges. By analyzing the traffic, we found that these packets transmit sensitive privacy information related to the user’s device (persistent identifiers), geolocation (GPS coordinates, network-related identifiers), user profile (phone numbers, application usage) and social networks. relationships (such as call history) without consent or even notice.”

Haoyue Liu, Paul Patras and Douglas Leith, study authors.

But what is interesting about this story is that aggressive behavior viruses not limited to work in China. When users travel outside of the country, they continue to collect a large amount of information, even despite the stricter laws in place in many Western territories. Something is exacerbated when you consider that all Chinese telephone lines are registered under personal data.

Of course, none of the analyzed Android mobile brands is in good standing. In the specific case of Xiaomi, the researchers found that the Redmi smartphone sent information to an external tracking URL every time the pre-installed Camera, Messages, Notes, and even audio recording apps were opened. But not only that, as the behavior was the same when entering mobile settings.

In addition, the devices attempted to send sensitive information when mobile networks were unavailable or a phone line from a different provider was in use. And even if the presence of a SIM card was not detected.

What’s going on in the rest of the world

Finally, the researchers conducted a cross-regional comparison of Android versions used in Chinese mobile devices with their global counterparts created by the same developers. “We found that the number of third-party applications pre-installed in Chinese OS distributions is 3-4 times higher than in the corresponding global distributions. And that they get 8-10 times more permissions than third-party apps in global distributions.including many others of those classified as dangerous,” they explained.

As a reminder, none of the brands mentioned in the study use “pure” versions of Android on their mobile devices. Xiaomi has its own distribution called MIUIbased on Google OS while OnePlus does the same with Oxygen OS. While Realme used ColorOSfrom Oppo until 2020 adopted Realme UIown level of customization on top of Android.