Lithuania’s Defense Ministry’s National Cyber Security Centre released a report in the week discussing three smartphones. OnePlus, Xiaomi and Huawei produced these devices. Each of those brands were included in the study thanks to their home base (China), and therefore the indisputably the fact that they’re selling phones in Lithuania. The results are of worldwide importance since we’re also talking about brands that sell smartphones worldwide.
The Huawei smartphone within the study released in the week was the Huawei P40 5G, and therefore the OnePlus device was the OnePlus 8T 5G. Analyzation of the Huawei device found that the device’s official App Store had a security vulnerability in handling automatic redirection to a 3rd-party email system. The study found “no cyber security vulnerabilities” on the OnePlus device.
The Xiaomi device had some serious potential for not only security issues but censorship through capture and transmission of “up to 61 parameters about the user’s actions on the phone.” within the Xiaomi Mi Browser (web browsing app on the phone during this analysis), a “Sensor Data API” tracked the subsequent parameters (and more):
• Cookie Status,
• Search Optimization Switch
• Subscription
• User Tab Games
• User Tab News, User Newsfeed, First Enter NewsFeed Way
• Enhanced Incognito Switch, User Incognito Mode
• Personal Service Switch
• Clear History Switch
• Feature Report Switch
• History Sync
• Bookmark Sync
• No Track Switch
• Autocomplete Switch
• Browser Install Referrer
• APK Name
• EID
• Miui Region
• Log Mi Account
• Platform
• Experience Improve
• Feed Default Channel
• APP Boot, App Boot Third Party, First AppStart, First AppStart Third Party
• Protection Type
• Browser Ads
• Personalized Services, Miui Personalized
• Adblock Show Notification, Adblock Switch
• User Login, Facebook Notification, YouTube Signin
• User Click Interest
• User Push Agree
• User Checkbox 4G
• User Desktop Mode
• User Data Save Mode
• User Night Mode, User Dark Mode
• User Download Videos
• Icon Reddot Status
• Language Browser
• Log Mi Account
Analysis suggested that the Xiaomi device had the technical capability to “censor the content downloaded thereto .” an inventory of keywords and phrases appear within the phone during a list in Chinese characters. Some samples of keywords and phrases are included within the list (translated here to English):
• 89 Democracy Movement
• Islamic League
• Front of spiritual Believers
• Free Tibet
• Women’s Committee
• Voice of America
• Palestine Liberation Organization
• People’s News
• Christian Charismatic Mission
This study showed data sent to China from built-in apps like Security, Mi Browser, Cleaner, MIUI Package Installer, Themes, Music, and Downloads with “MiAdBlacklistConfig.”
“We found that the content filtering function was disabled on Xiaomi phones sold in Lithuania and didn’t perform content censorship, but the lists were sent periodically. The device has the technical capability to activate this filtering function remotely at any minute without the user’s knowledge and to start out analyzing the downloaded content,” said Dr. Tautvydas Bakšys, a researcher at the National Cyber Security Center at the Lithuanian Ministry of National Defence. “We don’t rule out the likelihood that the list of blocked words might be compiled not only in Chinese but also in Latin characters.”