Not surprising, it's a phone model for Chinese market. The "evil services" are the Chinese equivalents of Google Maps, Google Analytics, Google Search, FB messenger, and iCloud/Samsung cloud.
The real issue is that most phone makers have tons of unnecessary services pre-installed in their phones, such as social media login, location tracking, and cloud storage. It would be better to design/license Android OS in a way that gives user complete control on what is pre-installed.
Yep. That's exactly it. Those unnecessary service calls are more likely to be Google-esque services for event tracking and user analytics than spying like U.S has portraited. In the old days when carriers released major smartphones, those will be the equivalent of bloatwares and their supporting services. If the guy examines Samsung Galaxy phones, it would almost be the same. The only difference is probably that TLS adoption are VERY LOW in Chinese market (Surprised? Not for a surveillance heavy society!), hence their services aren't using https as much as it should.
> The only difference is probably that TLS adoption are VERY LOW in Chinese market (Surprised? Not for a surveillance heavy society!), hence their services aren't using https as much as it should
I thought that the government has its fingers in all the tech companies so whether the data are encrypted or not doesn't matter?
Are you referring to the hardware attack against SuperMicro? If so, it's a pretty big leap to make from "we know about a single attack" to "fingers in all tech companies." Not that I trust Google and friends, but... that's a pretty big claim.
I am not, and in fact it seems just as likely that the supermicro endeavor was a private endeavor. It does seem likely, though, given the level of trust the government has in its companies, e.g. I think it was tencent that made their social credit system.
> If the guy examines Samsung Galaxy phones, it would almost be the same.
This is just guessing. If I have to bet, I'd as well bet that Google/Samsung/ISPs/Everyone is spying on you, but just guessing and shrugging it off is not helping.
We should be inspired to check even more devices and inform users about backdoor traffic.
To raise the other kerfuffle du jour, how is Huawei going to fare when these findings meet the GDPR? Where is the informed consent to shipping all of this PII to who knows where? And in cleartext, without even the slightest effort at protections?
I think they are also popular in Canada. You can get various versions of the Huawei P20 through carriers here. I don't regard them as spy devices. I think it's mostly a US thing.
It is absolutely insane to me that the market has not demanded for open source hardware and software. A competent company would be able to trivially hide such requests. How am I supposed to trust a large competent organization when there seems to be no incentive for them to operate on the behalf of the privacy of a user?
I still cannot believe that people would voluntarily buy US phones. Would you buy a phone from the country known for its spying abilities with dozen of agencies involved in this, from NSA to CIA to companies like Facebook, Google and the rest? You mean to tell me that all these US phones are nice and clean? Yeah, right.
Chinese, american, korean, what does it matter to european? Not a bit. Nobody has some high moral ground we so desperately wish for. If you don't want to be spied on, don't get a phone. Otherwise, you're screwed like rest of us.
Better be smart with what you actually do with the phone and what kind of data/apps you use it for.
P20 lite had the best specs at a mid rande price point. and good specs. Alas it's also quite large. P20 (non lite) has a cv ai chip, how does that fit in with the spying!?
Some people like my parents only use their phones to get directions, group chat socially, and send pictures. There's like nothing interesting to steal from them.
One could not, really. E2E encryption does not mean peer to peer. Most messenging services use a client server model. You can easily use identifiers without ever collecting personal data.
Nobody knows for sure of course unless you have access to the relevant code but Apple is at least not in the business of selling data to advertisers or needs to bolster their budget with buy in from data mining companies.
Not sure I understand your argument. iPhones send a lot of information to Apple. Apple does keep a log of who you lookup when initiating a iMessage session, even if they aren’t using iMessage. So they know who you are trying to text. This is logged and available to the government upon request. No one is afraid of China using personal data for advertising.
The real issue is that most phone makers have tons of unnecessary services pre-installed in their phones, such as social media login, location tracking, and cloud storage. It would be better to design/license Android OS in a way that gives user complete control on what is pre-installed.