A group of researchers from Edinburgh University published The result of a personal data leakage in Realme smartphones, Xiaomi and OnePlus, supplied for Chinese and global market. In all devices with firmware for sale in China, facts of sending to the servers of collecting additional information, such as user phone number, statistics on the use of applications, as well as location data, imsi (individual subscriber number), iccid (serial number of the SIM card) and surrounding points of wireless access. Additionally, the realme and Xiaomi Redme devices recorded the transmission of the history of calls and SMS.
In firmware for the global market, such activity is not observed with separate exceptions, for example, RealMe devices are sent by MCC (country code) and MNC (mobile network code), and Xiaomi Redme – data on connected Wi -Fi, IMSI and statistics on the use of use applications. Regardless of the type of firmware, all devices are sent by the IMEI identifier, a list of installed applications, a version of the OS and equipment parameters. Data is sent by the user pre -installed by the manufacturer without receiving the consent of the user, without notification of sending and regardless of confidentiality settings and sending telemetry.
In the REDMI smartphone, the data is sent to the TRACKING.Miui.com host and used such an application manufacturer as settings, Note, Recorder, Phone, Message and Camera, regardless of the consent of the user with the proposal of the diagnostic data sending during the initial configuration .
On Realme and OnePlus devices, the data is sent to the hosts Log.Avlyun.com, aps.oVersea.amap.com, aps.testing.amap.com or aps.amap.com.
Of the identified problems, the inclusion of additional third -party applications in the supply of additional third -party applications is also noted, which by default are provided with expanded powers. In total, in comparison with the Android AOSP code base, more than 30 third -party applications preinstalled by the manufacturer are supplied in each review of the firmware.