Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy China Security Technology

Nokia Firmware Blunder Sent Some User Data To China (zdnet.com) 32

HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. From a report: In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. HMD Global said that only a single batch of Nokia 7 Plus devices were impacted and included this package. The data collection was exposed today in an investigation published by Norwegian broadcaster NRK, which learned of it from a user's tip. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number.
This discussion has been archived. No new comments can be posted.

Nokia Firmware Blunder Sent Some User Data To China

Comments Filter:
  • by DrYak ( 748999 ) on Thursday March 21, 2019 @02:03PM (#58311496) Homepage

    One more argument to not trust whatever is pre-installed on your smartphone, but unlock the bootloader and flash a firmware that *YOU personally* trust.

    Be it some opensource Android derivative [lineageos.org],
    or some completely different full-blown GNU/Linux [sailfishos.org] based solution.
    ( ^- just citing my personal favorite. You could also think about Ubuntu Touch from UBPorts, the system that Purism is building specifically for their Librem 5 phone, etc.)

  • What a "blunder"
  • ethics (Score:5, Insightful)

    by Anonymous Coward on Thursday March 21, 2019 @02:18PM (#58311598)

    A coding mistake was not the cause. The cause was lack of ethics. With decent ethics that "activation package" would, in order of preference:
    - not have existed.
    - not have been available in the repository for this firmware.
    - be disabled/inactive by default.
    - inform the user explicitly of what it is doing.

    4 missed opportunities to be at least somewhat ethical. That is not a mistake, that is negligence, at least.

    • Mod Up (Score:3, Interesting)

      by SuperKendall ( 25149 )

      I came here to say the same thing, but you laid it the multiple levels of ethics failure perfectly.

      It's crazy to me that any level of a company thinks stuff like this is acceptable.

      • by Anonymous Coward

        This exposes the data collection requirements for phone manufacturers by the Chinese government more than anything else.

        Why else would they install something like that? Surely no ad network could have been paying enough for the company to include that.

    • by Luckyo ( 1726890 )

      This "activation package" exists for essentially every smartphone running the two primary phone OSs in existence. It's also present in a slightly different form on win10. It's typically called "telemetry".

      The coding mistake was likely in that HMD makes a lot of phones for Chinese market, which means that data is sent to local Chinese companies doing the data processing rather than US ones. So it's likely that someone was copy-pasting code for one of the updates, and accidentally pasted too many lines of cod

  • I have a Google Pixel. ;)

  • Yeah, right- it was a 'blunder'.

  • Or maybe it was the chinese-outsourcing dept.

    Or maybe the easier-to-say-sorry-than-ask-permission dept.

  • by Anonymous Coward

    Signed NSA

news: gotcha

Working...