HMD: Nokia 7 Plus phone data forwarding to China server went by accident

Spread the love

The transfer of data from Nokia 7 Plus phones in various European countries to a server in China happened by accident. That is what manufacturer HMD Global claims. That software should only have been on Chinese models.

The error resulted in the code for Chinese models on a batch of devices for the European market, claims HMD Global. It is an app that had to activate the phone for the network of China Telecom. Chinese law requires this to be done on a server in China. Because the data did not have the correct parameters, the server did not accept the activation and the phone tried to send the data over and over, according to the manufacturer.

The activation data for devices sold in Europe goes to an AWS server in Singapore, according to the manufacturer. In addition, the activation app’s code was sloppy, HMD admits, with references to old devices and domains. “As part of our app quality audits, we’ve seen some deviations from good quality programming practices and our software teams are working on improvements.”

According to HMD, almost all affected devices have installed the update that fixes the bug. It came along with the patch round of February. With the statement, HMD anticipates the investigation that is underway in Scandinavia into the case. The Finnish Data Protection Ombudsman is investigating whether HMD has violated privacy rules with this.

Data ended up on zzhc.vnet.cn, a server owned by China Telecom. Every time the phone was ‘turned on’, the software sent SIM card and imei numbers, including the cell tower to which the phone was connected, unencrypted to a server in China. The culprit turned out to be a service from chipmaker Qualcomm running in the background: com.qualcomm.qti.autoregistration.apk.

You might also like