Data is transferred not only to the manufacturer, but also to Chinese mobile operators, and even outside of China. A new study shows that the latest Android devices sold in China are pre-installed with spyware that collects personal data without the user's knowledge. According to the document, one of the most popular smartphone manufacturers in China and in the world, Xiaomi, OnePlus, and Realme, collect huge amounts of sensitive user data through their OS skins and various pre-installed applications. The collected data is shared not only with the device manufacturer, but also with service providers such as Baidu and Chinese mobile operators. Given the private sector's close ties to the Chinese government, this study raises concerns about surveillance of mobile device users in China. The researchers studied the following models of devices purchased in China that have local firmware installed:

Xiaomi Redmi Note 11 with Android 11/ MIUI 12.5.4.0 RGBCNXM;

Realme Q3 Pro with Android 11/Realme UI v2.0 RMX2205_11_A.13 (based on ColorOS 11);

OnePlus 9R with Android 11/ColorOS 11.2 LE 2100_11_A.05.

In their study, the experts took into account that the device user opted out of sending analytics and personalization data to providers and does not use cloud storage or “any other optional third-party services.” At the same time, the studied smartphones collected the following information:

phone numbers;

persistent device identifiers (IMEI and MAC addresses, advertising identifiers, etc.);

geolocation data;

user contacts;

call history;

telephone metadata.

The recipient of this data will have a clear idea of who is using a particular device, where they are using it, and who they are talking to. Phone numbers in China are also tied to an individual "citizen ID", meaning it is inextricably linked to the user's real identity. The researchers found that data was sent to Chinese mobile operators even when they were not providing services (for example, when no SIM card was inserted into the device). All of this data is collected without any notice or consent from the user, and according to the researchers, it is not possible to opt out of collecting this data. Data transmission also does not stop when the device and user leave China, despite the fact that different countries have different privacy laws, which should affect the way information is collected. Over the past year, China's criticism of its spying on users has only intensified. So, on February 2, a US senator wrote a letter to Apple and Google demanding that TikTok be permanently banned from official app stores. The ban is due to the risks associated with the Chinese government's access to the vast amount of data the app collects about its US users.