Nokia 7 Phones Secretly Send Data to China, Finland Opens Investigation
Finnish owned Nokia is sending cell phone data packages to a Chinese server for an unknown reason.
A report from the Norweigan Broadcasting Corporation (NRK) reveals that some Nokia 7 phones are secretly sending personal data to a server in China.
The report, published on NRKbeta, stemmed from a tip the company received by a man who monitored his traffic on his Nokia 7 plus phone and noticed it was sending off an unencrypted package of data.
When he inspected the package he discovered his SIM card number, the phone’s serial number and his geographical position was being sent to a Chinese server every time his phone was turned on, activated or unlocked. The server his data was being sent to was vnet.cn.
A quick check on WhoIs revealed that vnet.cn was owned by the “China Internet Network Information Center” (CNNIC). However, CNNIC is responsible for all domains under the top-level domain .cn.
NRK contacted CNNIC and were told that China Telecom owned the domain which is a state-owned telecommunications company.
Nokia is a Finnish owned company, begging the question of why would a Finish owned company send data, accidentally or on purpose, to a Chinese server?
According to NRK, the finish company HMD Global signed a ten-year license of the Nokia brand in 2016 but HMD Global has not responded to NRK’s questions of who owns the servers that Nokia phones are sending data to.
Nokia did reveal to NRK that an “unspecified share” of Nokia 7 Plus phones have sent data to the server in China and that a software update was released at the end of February to rectify the situation.
NRK also asked HMD Global if in order to sell phones in China they were required to allow the data collection – a question HMD Global has refused to answer.
The Nokia 7 Plus runs on an Android operating system and was first released in March of 2018. The phone sold out immediately in China, selling 250,000 phones in the first five minutes.
In response to the NRK report, the Finnish Data Protection Authority is investigating whether HMD Global violated any privacy laws and the recently enacted General Data Protection Regulations.
HMD Global told Citizen Truth in an email that they take the privacy and security of their customers seriously and that they looked into this issue.
“We found that our device activation client meant for our China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones that were not intended to be sold in China. Due to this mistake, these devices were erroneously trying to send device activation data to a third-party server. Such data was never processed, and no person could have been identified based on this data. To be clear, no personally identifiable information has been shared with any third party.
“This error has already been identified and fixed in February 2019 by switching the client to the right country
variant. All affected devices have received this fix and nearly all devices have already installed it. If you
want to check if your Nokia 7 Plus has received the security fix, please follow the step-by-step instructions
below,” HMD Global said in a statement.
Note, this article was updated form the original with a response from HMD Global.