> I didn't manage to trigger the network communications to the teddymobile servers but I will continue later.
It looks to me like this person is cherry-picking random SDK methods that may seem suspicious out of context and making very wild assumptions of their purposes.
For example, they show a function that checks if a string contains a bank account number (https://twitter.com/fs0c131y/status/956649951056064513). Somehow they then jump to the conclusion that copied text is run through this function and uploaded to some server! But where is the proof? They could check where this method is used and show this supposed data upload happening.
In fact, since these methods are coming from some third party SDK and not the app itself, they could be completely unused.
What we do know is the intent of those functions, and it paints a quite horrible image.
On the one side you have individuals that don't want their private information to be revealed without their consent. On the other are device manufacturers, advertisers, startups, and giants like Google and Facebook. Often, maintaining privacy while viewing a single website requires either trusting or subverting the intentions of multiple such organizations.
It's like going to war with the British Royal Navy at the height of its power in a dinghy. So far it's been possible because the navy has made a promise that they'll "play fair". But that can change on a whim and there's ultimately very little you can do if that happens.
Now you're going to war with the Royal Navy in a nuclear-armed rubber dinghy.
4% revenue per timeframe in which privacy rights were violated, or 20 million EUR, whichever is larger, is absolutely nothing to ignore anymore.
Per GP comment, there is a whole tech stack of N providers, each piece made or running in a different country, pushing data to servers in another country, which data is bought by interests in a third country, for M destinations. Then you get the providers who intentionally don't store data in GDPR countries specifically so they can avoid these rules. Look at what Uber already does to skirt the authorities. So you have at least MxN countries possibly involved or whatever. If your data is released, it'll rattle around in a pachinko machine of jurisdiction debate for years against well funded, malicious corporations.
It doesn't seem like any rule is enforceable in practice.
If a company even stores a record of a single EU citizen, the GDPR applies to it, and the EU has the right to seize the assets of the company for the purpose of enforcing it.
If you were to only offer your service in North America, but someone from the EU comes over to North America on vacation and somehow becomes recorded in your service, does the GDPR still apply in this case?
Article 3 defines the territorial scope:
Yeah. Good luck with that.
It'll work for the big, entrenched companies like Facebook who couldn't bear to be without its UK customers, for example. But I don't see the EU successfully going after every little dot-com startup from Alabama to Angola, many of them in jurisdictions that barely have a functioning legal system, let alone respect for EU law.
If such extraterritorial enforcement was actually possible, there would be no 419 scammers.
1. It feeds into the suspicion many have that many (most? all?) large Chinese companies are effectively controlled by the Chinese government. This could go as far as having backdoors in, say, Huawei routing equipment.
2. Effectively disclosing a user's personal information to the Chinese government could, in some cases, imperil their liberty, even their life. I'm talking about people the Chinese government views as "dissidents". The same would be true if it were a Russian, North Korean, Iranian, Syrian or Sudanese company.
All is the correct answer. Just like it's not legal to own property in China, all companies are ultimately owned and controlled by the Chinese government. They have shiny, pretty, Western-looking front ends to attract foreign investment, but from a strictly legal standpoint, they're all owned by the government.
For some reason people forget that China is still a communist country. Nothing's changed other than it's gone from exporting rice to exporting phones.
It's not accurate to say China is "still a communist country." It could be more closely defined as a capitalist one-party state. That one party is the CCP, and they still revere Mao, but it's an open secret that they have embraced capitalism under a veneer of socialist populism.
That being said, it's not wrong to say that information in the hands of a Chinese company is a trivial step away from being information in the hands of the Chinese state.
The recent few "data collection" alarms appear to be a smear campaign.
On the other hand, there's no guarantee your data isn't also made available to domestic parties, either as it's intercepted in transit or explicitly shared in bulk in exchange for e.g. concessions on a trade treaty.
It depends on who the "you" is.
If it's a couple of internet nobodies like you and me that China is spying on, then it's no big whoop. But if the "you" in question is someone who works at the Pentagon, or at a defense contractor, or a diplomat, or government official, then there's a problem.
I'm getting quite tired of OnePlus. This is the third strike against them in at least the last 6 months.
Does anyone have good experience with a custom ROM on a OnePlus 5?
Also worth noting iPhone sends a lot of information in the HTTP headers about your phone - like model number. Android does the same thing. Also simply plugging your phone in to USB (not accepting any on-screen dialogs) will save the IMEI and other device IDs into your system log. If you ever have a device stolen I suggest you run: zgrep -i iphone /var/log/*.gz
I don't know about that. I've found their hardware to offer surprisingly good value for money, and they offer close-to-stock Android for much less than Google now do.
Their privacy failures are deeply unfortunate; I'd have remained a happy customer for the next several years were it not for these issues.
There's an r/android discussion on this currently, where the consensus is that the Twitter poster is a serial clickbaiter.