Slashdot Mirror


Nokia Firmware Blunder Sent Some User Data To China (zdnet.com)

HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. From a report: In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. HMD Global said that only a single batch of Nokia 7 Plus devices was impacted and included this package. The data collection was exposed today in an investigation published by Norwegian broadcaster NRK, which learned of it from a user's tip. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number.

32 comments

  1. Me Chinese me play joke by Anonymous Coward · · Score: 0

    Me steal recipe for your coke

    1. Re: Me Chinese me play joke by Anonymous Coward · · Score: 0

      This happens on an iPhone too, plus every time you open an app. It is normally masked as crash analytics.

      Also this happens for every webpage you browse

      And on every Windows 10 machine out there.

      Sending to China is marginally worse than recording the data in the first place.

    2. Re: Me Chinese me play joke by Anonymous Coward · · Score: 0

      Citation needed for iPhone.

  2. Unlock the phone by DrYak · · Score: 2

    One more argument to not trust whatever is pre-installed on your smartphone, but unlock the bootloader and flash a firmware that *YOU personally* trust.

    Be it some opensource Android derivative,
    or some completely different full-blown GNU/Linux based solution.
    ( ^- just citing my personal favorite. You could also think about Ubuntu Touch from UBPorts, the system that Purism is building specifically for their Librem 5 phone, etc.)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]

    1. Re: Unlock the phone by Anonymous Coward · · Score: 0

      Or just use an iPhone instead of Android amateur hour.

    2. Re: Unlock the phone by Anonymous Coward · · Score: 0

      So reduced capability, and reduced security is your answer?

    3. Re: Unlock the phone by Anonymous Coward · · Score: 0

      iPhones are more secure (than any Android phone) and far more capable than the Nokia phones.

    4. Re:Unlock the phone by Anonymous Coward · · Score: 0

      Windows 10 does the same thing or worse, and it's used on administrative computers, computers that handle data about ME that I can't control.

      Installing Linux on my home computer does NOTHING about that, but "somehow" my country still uses Windows to handle data from the citizens, then they make tons of laws about privacy and all that stuff. It's a blatant lie that they care about privacy when they are buying Windows 10 licenses to handle citizens' data.

      At that point I don't give a fuck about having an entire Chinese family living inside my butthole as long as it does not tickle.

  3. Nokia never again by Anonymous Coward · · Score: 0

    Preinstalled with spyware, no thanks

    1. Re:Nokia never again by Anonymous Coward · · Score: 0

      Less spyware than any other manufacturer has though

  4. Oh no by fortythirteen · · Score: 1

    What a "blunder"

  5. ethics by Anonymous Coward · · Score: 5, Insightful

    A coding mistake was not the cause. The cause was lack of ethics. With decent ethics that "activation package" would, in order of preference:
    - not have existed.
    - not have been available in the repository for this firmware.
    - be disabled/inactive by default.
    - inform the user explicitly of what it is doing.

    4 missed opportunities to be at least somewhat ethical. That is not a mistake, that is negligence, at least.

    1. Re:ethics by Anonymous Coward · · Score: 0
    2. Re:ethics by Luckyo · · Score: 2

      This "activation package" exists for essentially every smartphone running the two primary phone OSs in existence. It's also present in a slightly different form on win10. It's typically called "telemetry".

      The coding mistake was likely in that HMD makes a lot of phones for the Chinese market, which means that data is sent to local Chinese companies doing the data processing rather than US ones. So it's likely that someone was copy-pasting code for one of the updates, and accidentally pasted too many lines of code.

      If you think this practice unethical, you're barking up a completely wrong tree. Correct trees to bark at would be Google, Apple and Microsoft, followed by their Chinese counterparts like Tencent.

    3. Re:ethics by Luckyo · · Score: 2

      Do you realise that Nokia you're citing is a different company from HMD which is licensing the Nokia brand for its phones?

  6. Mod Up by SuperKendall · · Score: 2, Interesting

    I came here to say the same thing, but you laid out the multiple levels of ethics failure perfectly.

    It's crazy to me that any level of a company thinks stuff like this is acceptable.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley

    1. Re:Mod Up by Anonymous Coward · · Score: 1

      This exposes the data collection requirements for phone manufacturers by the Chinese government more than anything else.

      Why else would they install something like that? Surely no ad network could have been paying enough for the company to include that.

  7. No Subject by Anonymous Coward · · Score: 0

    More Money for the EU.
    #GDPR

    https://eugdpr.org/

  8. I'm safe! by grumpy-cowboy · · Score: 1

    I have a Google Pixel. ;)

    --
    Will $CURRENT_YEAR be the year of the Linux Desktop?

    1. Re:I'm safe! by Anonymous Coward · · Score: 0

      I have a Google Pixel. ;)

      LOL!

    2. Re:I'm safe! by Shikaku · · Score: 1

      https://download.lineageos.org... if he did use this and not install any of the GApps he is actually, but I'm not the OP so I don't know.

  9. Re:BBC Film: What Happened To Nokia? by Anonymous Coward · · Score: 0

    The BBC doc crew got to some of the original 14 employees of Nokia

    That's quite surprising, considering the company was founded in 1865.

  10. Ha ha by JustAnotherOldGuy · · Score: 1

    Yeah, right- it was a 'blunder'.

    --
    Just cruising through this digital world at 33 1/3 rpm...

  11. From the until-we-get-caught dept. by theCat · · Score: 1

    Or maybe it was the Chinese-outsourcing dept.

    Or maybe the easier-to-say-sorry-than-ask-permission dept.

    --
    =^..^= all your rodent are belong to us

  12. Only Huawei is evil by Anonymous Coward · · Score: 1

    Signed NSA

  13. Where is the firmware? by DrYak · · Score: 2

    The whole point of my post is the ability to put yourself a firmware that you trust.

    How can I get an iOS (or any other firmware, for that matter) to flash myself on an iPhone?

    You can't.

    You're back to trusting whatever was pre-flashed at the factory.

    From the point of view of "you have no control over what is running on your phone", iPhones are at least as bad as shit from Xiaomi or Huawei or even TFA's HMD, and actually even worse in practice (you can't unlock the bootloader and put your own firmware there).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]