Security audit raises severe warnings on Chinese smartphone models

Gandalf_The_Grey

Apr 24, 2016
The audit red-flagged Xiaomi and Huawei phones but gave OnePlus a pass.
The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei's P40 5G, Xiaomi's Mi 10T 5G, and OnePlus' 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC's security audit.

The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications.

The OnePlus 8T 5G—arguably, the best-known and most widely marketed phone of the three—was the only one to escape the NCSC's scrutiny without any red flags raised.
Conclusions

Based on the NCSC's findings, there doesn't seem to be any issue with the OnePlus phone—which comes as little surprise, as it's the only brand of the three which hasn't come under repeated, negative scrutiny from non-Chinese administrations.

Particularly adventurous and/or Google-hating consumers might reasonably be interested in Huawei's P40, which seems afflicted more with a lack of malware-preventing guardrails than with actual directly imposed censorship and/or spyware.

Finally, we'd strongly advise avoiding the Xiaomi Mi 10T—its deactivated but regularly updated blocklist functionality strikes us as a warning of direct authoritarian oversight which should not be lightly ignored.
 

rain2reign

Jun 21, 2020
This might be an interesting addition:

Some folks at XDA did some digging themselves as well, especially in finding and dissecting this blacklist marked "MiAdBlacklistConfig".
On analysis of the file, I found that the vast majority of the records are actually related to sex, porn, and other smartphone brands. There are mentions of Tibet, Hong Kong, and other religious groups; however, mentions of the CCP and “China” are also included, too (albeit there are a lot fewer mentions of China and Chinese politicians comparatively). One would think that if this were a list that exists to censor content that may go against the Chinese Communist Party, all mentions of “China” would not be censored online.

From what I understand, they're still dissecting other aspects of potentially related tech, functions, etc., such as the Xiaomi browser, Mi Video app and other stuff.
 
