Nokia Firmware Blunder Sent Some User Data To China (zdnet.com)
HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. From a report: In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. HMD Global said that only a single batch of Nokia 7 Plus devices was impacted and included this package. The data collection was exposed today in an investigation published by Norwegian broadcaster NRK, which learned of it from a user's tip. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number.
A coding mistake was not the cause. The cause was lack of ethics. With decent ethics that "activation package" would, in order of preference:
- not have existed.
- not have been available in the repository for this firmware.
- be disabled/inactive by default.
- inform the user explicitly of what it is doing.
4 missed opportunities to be at least somewhat ethical. That is not a mistake, that is negligence, at least.