Some Nokia 7 Plus devices were sending data to China from Europe, infringing app since removed

Unfortunately, the stereotype of Chinese brands seeking to steal or at least procure your data by any means is set to continue after reports that certain European Nokia 7 Plus phones have been secretly sending detailed user data and information to China.

The reports come from Norwegian news site NRK (via /r/Android, Android Authority) with the Scandinavian publication claiming that on-device data such as GPS location information, telephone number, and device serial numbers (it’s not clear if this included IMEI details) were being beamed back to a Chinese server.

This is all pretty scary stuff, as this chunk of information would allow those prying eyes to effectively keep tabs on your location in real time. Every time one of the affected Nokia 7 Plus devices was powered on, or its display was enabled or unlocked, the geographical position, SIM card number, and mobile serial number were sent back to a server in China.

The server has a vnet.cn domain, which NRK investigated and found was owned by China Telecom, the state-owned telecoms company. They then tried to contact China Telecom to better understand who managed the server but were unable to get any further information.

It’s believed that this may have been a slip-up by HMD Global, as these Nokia 7 Plus units may have been initially intended for China and not the European market. HMD Global refused to comment to NRK on the matter.

Further digging has unearthed similar code on GitHub by none other than Qualcomm. The only other clue comes courtesy of security researcher Dirk Wetter, who claims the offending APK package sending this data to China is named “com.qualcomm.qti.autoregistration.apk”.

HMD Global has since confirmed with NRK that this data sharing issue has only affected a “single batch” of Nokia 7 Plus devices. It’s also worth noting that since this came to light, the infringing application has been removed from the devices supposedly affected.

The Finnish data protection ombudsman has also weighed in on the matter, confirming that it too will be investigating this user data breach. This may pose bigger problems for HMD Global and Nokia, as this points to a clear breach of GDPR data protection laws.

Author

Damien Wilde

Damien is a UK-based video producer for 9to5Google. Find him on Twitter: @iamdamienwilde. Email: damien@9to5mac.com