Recently, HMD-owned Nokia’s 7 Plus was found to be sending private data from a Norwegian user’s phone to a remote server in China. It was recorded that upon every unlock of the phone, unencrypted data containing Henrik Austad’s location, the SIM card number, and the phone’s serial number was transmitted to a Chinese server. HMD Global says this was an “error in the packing process of software” and that it has been fixed.
This may be the most recent case of such a “mistake” but it’s not the only one. Most notably, OnePlus was found to be doing the same thing in a beta build, but claimed to have fixed it soon enough. We’re glad the companies involved provide quick fixes, but the question remains the same. How does this mistake happen in the first place?
REPORTS UNFOLD CHINESE LAWS
The software was written this way on purpose. The data being collected and sent to China is specifically supposed to be like that. Tagging it as “just a mistake”, feels like a software engineer somewhere screwed up while writing the code.
Whereas, in reality, the screw up really happened when the software was built for markets outside of China. The Chinese government demands its users of mobile devices to provide this information every time they are being used. The Chinese government wants to know where you are and it does so by tracking the hardware by location whenever you unlock your phone.
If a company were to try and sell a phone that doesn’t comply with these laws, it would face the wrath of the Chinese government. So would the software engineers who didn’t include the “feature”. It’s no wonder why it’s done for phones made and sold in China.
When Nokia 7 Plus was built for markets outside China, it required a bit of software modification. Part of this process is to remove some of the code the Chinese government requires in order to fulfill its communication and transportation laws, like reporting who and where you are every time you unlock your phone.