Slashdot Mirror


Nokia Firmware Blunder Sent Some User Data To China (zdnet.com)

HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. From a report: In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. HMD Global said that only a single batch of Nokia 7 Plus devices were impacted and included this package. The data collection was exposed today in an investigation published by Norwegian broadcaster NRK, which learned of it from a user's tip. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number.


  1. Unlock the phone by DrYak · · Score: 2

    One more argument to not trust whatever is pre-installed on your smartphone, but unlock the bootloader and flash a firmware that *YOU personally* trust.

    Be it some opensource Android derivative,
    or some completely different full-blown GNU/Linux based solution.
    ( ^- just citing my personal favorite. You could also think about Ubuntu Touch from UBPorts, the system that Purism is building specifically for their Librem 5 phone, etc.)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  2. Oh no by fortythirteen · · Score: 1

    What a "blunder"

  3. ethics by Anonymous Coward · · Score: 5, Insightful

    A coding mistake was not the cause. The cause was lack of ethics. With decent ethics that "activation package" would, in order of preference:
    - not have existed.
    - not have been available in the repository for this firmware.
    - be disabled/inactive by default.
    - inform the user explicitly of what it is doing.

    4 missed opportunities to be at least somewhat ethical. That is not a mistake, that is negligence, at least.

    1. Re:ethics by Luckyo · · Score: 2

      This "activation package" exists for essentially every smartphone running the two primary phone OSs in existence. It's also present in a slightly different form on win10. It's typically called "telemetry".

      The coding mistake was likely in that HMD makes a lot of phones for Chinese market, which means that data is sent to local Chinese companies doing the data processing rather than US ones. So it's likely that someone was copy-pasting code for one of the updates, and accidentally pasted too many lines of code.

      If you think this practice unethical, you're barking up a completely wrong tree. Correct trees to bark at would be Google, Apple and Microsoft, followed by their Chinese counterparts like Tencent.

    2. Re:ethics by Luckyo · · Score: 2

      Do you realise that Nokia you're citing is a different company from HMD which is licensing the Nokia brand for its phones?

  4. Mod Up by SuperKendall · · Score: 2, Interesting

    I came here to say the same thing, but you laid out the multiple levels of ethics failure perfectly.

    It's crazy to me that any level of a company thinks stuff like this is acceptable.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Mod Up by Anonymous Coward · · Score: 1

      This exposes the data collection requirements for phone manufacturers by the Chinese government more than anything else.

      Why else would they install something like that? Surely no ad network could have been paying enough for the company to include that.

  5. I'm safe! by grumpy-cowboy · · Score: 1

    I have a Google Pixel. ;)

    --
    Will $CURRENT_YEAR be the year of the Linux Desktop?
    1. Re:I'm safe! by Shikaku · · Score: 1

      https://download.lineageos.org... if he did use this and not install any of the GApps he is actually, but I'm not the OP so I don't know.

  6. Ha ha by JustAnotherOldGuy · · Score: 1

    Yeah, right- it was a 'blunder'.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  7. From the until-we-get-caught dept. by theCat · · Score: 1

    Or maybe it was the Chinese-outsourcing dept.

    Or maybe the easier-to-say-sorry-than-ask-permission dept.

    --
    =^..^= all your rodent are belong to us
  8. Only Huawei is evil by Anonymous Coward · · Score: 1

    Signed NSA

  9. Where is the firmware? by DrYak · · Score: 2

    The whole point of my post is the ability to put yourself a firmware that you trust.

    How can I get an iOS (or any other firmware, for that matter) to flash myself on an iPhone?

    You can't.

    You're back to trusting whatever was pre-flashed at the factory.

    From the point of view of "you have no control on what is running on your phone", iPhones are at least as bad as shit from Xiaomi or Huawei or even TFA's HMD, and actually even worse in practice (you can't unlock the bootloader and put your own firmware there).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]