Tests on Xiaomi, Huawei and Samsung smartphones
As part of the research, tests were carried out on new phones from popular manufacturers based on the Android operating system. We are talking about the brands Xiaomi, Huawei and Samsung. Researchers have noticed that some applications that are installed on phones a priori (originally by the manufacturer) are able to constantly collect data and send it to the manufacturer's servers. For example, it can be a camera application, messenger or notepad. In addition, these software are often in ROM (Read Only Memory) and are read-only, and therefore cannot be removed without administrator privileges.
It also turns out that the application does not have to be launched by the user even once to be able to send data about him. It is enough that it is in the phone's memory.
Operator Toya warns users against fake e-mailsScientists have noticed, for example, that Samsung smartphones are equipped with the LinkedIn application as a base. The user does not even have to run it for it to constantly send information to Microsoft servers. All thanks to hard-coded software that collects telemetry data about the device. They contain details about the phone's unique ID and the number of installed Microsoft apps. However, this is not all, because this data is made available to external analysis providers, and more specifically Google Analitcs.
The sending of user information, however, is not the domain of Samsung phones only, because the same practice has been observed in the case of Xiaomi devices. Smartphones produced by the Chinese manufacturer provide timestamps with every user interaction. Google Analytics also receives a notification whenever a user sends an SMS.
Google warns against cyberattack against journalists and politiciansAlso tests on Huawei devices resulted in disturbing results. These smartphones come pre-installed with Microsoft's SwiftKey app, which provides keyboard usage reports for any device app.
"Serious Privacy Issue"
Researchers have noticed that the data obtained by applications is not enough to identify a specific user. However, when put together, they can form a kind of "fingerprint" defining the pattern of user behavior.
A new feature on Instagram will offer the user a break from the applicationSome logging of events is probably justified and can help, for example, in early detection of application performance problems (slow performance, excessive battery consumption, etc.) However, persistent and detailed recording of user activity can quickly turn into into an invasive and serious privacy problem, the research report says.
Twitter introduces new feature to remove followersIt has been known for a long time that information is incredibly valuable to software and electronic equipment manufacturers these days. Until now, however, there was a belief that when the user wants, he can take care of his privacy, unfortunately, it turns out that such a possibility can only be a pipe dream and an illusion.