Would you give up your privacy for a cheaper smartphone?
The smartphone has now become our life companion, a must-have item that accompanies us from morning when we wake up in the evening when we get to bed (sleeping at our side in many cases). They spend the best moments with us, immortalizing them in beautiful photos and comfort us by connecting us to our friends in the worst moments. But can we really trust them? Does they keep something hidden from us? Can we really give the smartphone access to all the details of our lives without risk?
"Cheap smartphones are getting good and good smartphones are getting cheaper," said the famous YouTuber Marques Brownlee, who defines the trend we have seen in recent years. How could it go wrong?
Cheap smartphones are becoming better
The first bargain-basement Android smartphones were dogged by slow performance and unreliability but those times have passed by now and now any smartphone is able to meet the essential functions and even many extras in everyday life.
Even Android smartphones from little-known Chinese companies, usually of lesser quality than the competition, have now made the leap in quality and nowadays we can take home a smartphone with FullHD display, a double camera and a LTE data connection for under $200. At this figure, years ago, we could aspire to a smartphone with only basic functions and it took all our reserves of patience and calm to actually use the clunky thing.
Mid and low end smartphones share a metal unibody or glass case with top-of-the-range smartphones. There are cheap smartphones with bezel-less displays, fast fingerprint readers and even 6 or 8GB of RAM, not that there was a real need. What is usually lacking is the power and responsiveness that distinguishes the top-of-the-range as well as of course cameras with higher quality and high definition displays.
Good smartphones are becoming cheaper
On the other hand, it's equally true that we can find smartphones with the same competitive hardware as the most popular top-of-the-range ones at much lower prices, for example with Xiaomi Mi MIX 2 and OnePlus 5T. Yes, it's true, maybe we can't count on edge displays like the Galaxy S8, we don't find super resolute panels like that of Xperia XZ Premium or maybe we don't find all the extra functions given by artificial intelligence as happens on Google Pixel 2.
However, these smartphones can all hold their own with impeccable performance, brightly colored displays (although perhaps a step further down in resolution), eye-catching aesthetics and cameras worthy of the name. Sometimes they can also boast of software updated faster than the big players in the industry, which can be a big advantage from the user's point of view.
OnePlus 5T, thanks to its strengths, positions itself head-to-head with the industry's big players and the sales record announced by co-founder Carl Pei on Twitter confirms how top-of-the-range smartphone features at a discounted price can make a difference.
This discount can sometimes cost us dearly
Sometimes, behind these super cheap prices and these smartphones that look like unmissable offers, there are some really unpleasant surprises. I'm not just talking about small hardware flaws such as the fake second camera in the Doogee Mix or disappointing performance. I don't mean software that will never be updated or stays full of bugs and problems. This is about the lack of security when it comes to our data.
It is not the first time, in fact, that Chinese smartphones from little-known companies are surprised with their hand in the cookie jar while sending our data without consent to servers rented in Asia. This is usually done with pre-installed system applications and sometimes you can block these apps by uninstalling them.
Other times these processes, whose sole purpose is to spy on the use of the smartphone and the internet, are hidden and rooted within the system itself and it is impossible to control them from the user end.
By relying on the best known brands, we are safe.... right?
Well, ok. So you resolve not to buy any smartphones of dubious origin, no matter how tempting the price. But sometimes this may not be enough. Recently, even more well-known companies such as Wiko and OnePlus have had some problems with the privacy of their users.
<Thread> Hi @WikoMobile 👋! Let's talk about the ApeSaleTracker and ApeStsMonths apps found in your phones.— Elliot Alderson (@fs0c131y) November 19, 2017
These apps are pre-installed system apps which send regularly and silently the user infos to a Chinese 3rd party called Tinno by HTTP or SMS without user consent
It was recently discovered that the French company Wiko pre-installed applications inside some of its smartphones that collected some smartphone data to send them to the servers of the Chinese company Tinno without the knowledge of the user.
Wiko confirmed the collection of data with an official statement on its website and stated that the Sales Tracking System (STS) will be disabled and replaced with a new, more discreet sales tracking system. However, it denied that the data was sent to Chinese servers as stated by the Twitter user @fs0c131y, who first raised attention to the problem. Our French colleagues at Frandroid have followed the matter closely and gone into more detail.
And your beloved OnePlus? Well, problems with OnePlus have only been multiple in the last few months of this 2017. The company collects smartphone usage data for improving Oxygen OS and this is quite normal. Keeping track of the applications used, the WIFI networks to which smartphones connect and all the various OS activities are part of the data collection useful to companies and almost all of them collect this information. The problem is that OnePlus also collected the IMEI code, telephone number and telephone networks to which its smartphones were connected into its database, making this so called "anonymous" data usage information very easily identifiable indeed.
The data was divided into two different streams: the first with usage information and the second with device data. Carl Pei said the company will stop collecting sensitive data and smartphones will be updated to fix the problem. In addition, he said that it is possible at any time to stop transmitting data using the first stream by disabling an appropriate entry in the settings. But it does not end here.
<Thread> Hi @OnePlus 👋! How are you today? Let's talk about the OPBugReportLite found in your phone.⁰This app is a pre-installed system app which sends silently, every 6 hours, the battery stats, kernel panics, watchdogs, ANRs and all crashes of your device to Singapore.— Elliot Alderson (@fs0c131y) November 21, 2017
A few days ago @fs0c131y reported that another application pre-installed inside OnePlus smartphones collected additional data such as battery statistics, panic kernels and other system information, sending it every 6 hours to a server located in Singapore.
Not only that, after further investigations on the subject, it has been discovered that the configuration of this application can be changed remotely and contains methods (not currently used fortunately) to send information about GPS (TYPE_LOGGING_GPS), bluetooth (TYPE_LOGGING_BT), information about the camera (TYPE_LOGGING_CAMERALOG) and the media you watch or listen to (getMediaFile).
We contacted OnePlus for an official statement on this, but the answer we were given is that the company representatives are too busy promoting OnePlus 5T on the European tour to comment. Of course, the matter is still open and we will come back to it when new information becomes available and when OnePlus issues an official statement on this issue.
Google is no angel, either
The Mountain View company also ended up in the eye of the cyclone as it was discovered that despite the deactivation of localization in Android smartphones, devices continued to collect data on nearby cell phone towers, allowing for another type of user localization. Google stated that the collection began in 2017 but the data were immediately discarded and never used in any way. The company said that this data collection would be done in an attempt to improve the sending and speed of receipt of notifications of Android smartphones on the data network but that the project was abandoned and not completed.
The collection of CellID has already been deactivated, but according to some British and Korean government agencies this is an invasion of privacy because, if a person decides not to be located, the collection of this type of information violates the rights of the user. Google is still not officially under investigation but further information has been requested, but in my opinion it is not as alarming the violations of trust made by OnePlus and Wiko.
Is our privacy in danger?
Well, yes and no. The answer depends very much on your conception of privacy.
Most companies collect anonymous smartphone usage data by grouping statistics on battery, installed applications, crashes and much more. However, this data is anonymous and is not linked to any phone number, Google account or anything else that may link the data to a specific user. This makes the collection and sending of data possible without identifying a particular person, but it may not be enough for some.
For example, my concept of privacy isn't very extreme and I am willing to share my usage data and also some of my personal information if this can help improve my experience as a user. That's why I have no problem keeping all my Google accounts synchronized, using Google Photos to back up my shots and I have no problem keeping GPS location active by sharing it with some apps and services. All this is fine provided I am aware of what I am sharing.
Sending my data for the purpose of creating statistics, improving the services offered by a particular company or simply for the sale and financing of a manufacturer is fine provided that I be notified and able to choose whether to take part. I believe that many people like me do not have any problems sharing information, but only with our express consent.
When this invasion of privacy occurs silently, invisibly and without choice, it means that something shady is about to be done with my data and that's not good for me at all. For this reason, I prefer to continue using services that use all my information but make it available to me and I avoid companies that have problems with transparency.
However, if you choose to use an internet-connected smartphone (whatever the brand or operating system) you have to consider that a lot of data will be shared and this is really unavoidable.
What do you think about it? What is your idea of privacy? Do you take special precautions to secure your data on the internet and smartphone?
No man Never I hate it. Chinese Brands are making a very bad Choice...
Edit by Admin: Link to external site removed.
privacy, like truth is the perfect modern oxymoron..
your data now belongs to the highest bidder..
which unfortunately includes the sort of people who value (golf) power, wealth and influence above all else..
if you don't like the current situation tough because your vote means nothing..
welcome to the future of.. presidential tweets and "fake news" all conveniently available in the palm of your hand..
As an infosec professional, it sickens me to think of the level of effort one must spend to <try to> fend-off app permissions, bloatware, and system snitches (et tu, google). It's not just the cheap phones - they just don't cover their tracks as well as the fancies. The way I see it, I buy the hardware, provide energy for the thing to run, and bandwidth for it to operate. Taking anything from it without my knowledge and express permission is a trespass. The OS and Apps are free? Maybe on paper, but surreptitiously grabbing data is not quid-pro-quo and its naive to think it'd be any different if money changed hands. Yes, it's all around us, but I'm concerned enough to care about information and intrusive behavior, no matter how "small" or tolerable it might seem to others. Oh, and I blocked 15 trackers with hooks in the water around this web page.
Shoot, most people give up their "privacy" on a daily basis, without even trying. Swipe a bank card, walking around an area with traffic or safety cameras, not to mention anything online, or apps on their phones.
2018 is going to be a very different year with phones,if the companies keep upgrading there price of there Smartphones,Apple seem to start a trend the others have to follow,after Apple over priced there iphone X,it will get the rest to do the same,especially Samsung who always copy anything Apple can get away with,but this is really going to anger loads of phones users,who will finally get up with Apple and Samsung,an switch to phones they really can afford,with the Quality of Chinese phones getting better,loads will be buying these phones instead ,Sim Deal contracts will be getting more popular than phone contracts,as no phone deserves a £900-£1,000 price
All I want is complete OEM transparency about preinstalled apps and Google Play transparency about downloaded apps regarding data collection, especially when it's not active. As for "terms of service" assurances that personal data will be anonymized and aggregated to improve user experience, those terms of service and a ticket will get you a ride on a bus - ToS can be changed unilaterally or violated by the service provider without notice and any minute. Give me Big Government and not the Trump FCC to protect users on this stuff.
(I do think and hope that, along with saving battery life, Greenify is shutting down background data collection when it "hibernates" snoopy apps. But now Google tells us Greenify and other useful apps are violating idiotically labeled "Accessibility" service requirements because end-users have to be in a wheelchair or use a white cane for a developer to adjust the user interface a little. Who decided that a little more contrast or larger screen font or any other screen tweak should require a medically diagnosed disability of end-users? I like some "Accessibility" settings on a sunny day and I'm healthy as horse.)
When Google itself is collecting personally identifiable data then why this article emphasises only on cheap smartphones. Other than Russia and China Google services forms the core of Android smartphones.
because in general there is a difference if they tell me they collect my data (as Google normally does) or if they do it behind my back (as a lot of cheap chinese smartphones do). Yes, Google has screwed up in terms of the collecting of locations without the consent of the users, absolutely, but that is normally not the norm for Google. That doesn't mean though that they do not collect a lot of data you of course.