Is your Chinese smartphone spying on you?
It really might be — just not in the way you think

What if you could get a top-of-the-line Android phone equipped with the latest processor and loaded with slick new features at a steep discount? There's only one catch: It's a Chinese smartphone and the Chinese government could use it to spy on you.
These security concerns have led America's intelligence agencies to warn against using Chinese smartphone-makers Huawei and ZTE. "[A Chinese smartphone] provides the capacity to maliciously modify or steal information," FBI Director Christopher Wray told Congress last week. "And it provides the capacity to conduct undetected espionage."
So: How legitimate are these concerns? They're certainly not unfounded, but they're also more complicated than Wray's testimony alone lets on.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
It's true that China has long been the most aggressive nation-state hacking U.S. businesses and the government. From stealing plans for the advanced F-35 stealth fighter to State Department files, Chinese hackers have made off with invaluable trade secrets, sensitive government data, and personnel records.
But it's also highly unlikely that the Chinese government has taken a sudden interest in hacking into the devices of ordinary Americans. That's not China's style. The country's hackers have demonstrated that their primary focus is on stealing military and trade secrets so it can rapidly develop its armed forces and key industrial sectors.
Chinese smartphones have also come under a lot of criticism for spyware. Over the last several years, there have been multiple discoveries of malware loaded on Xiaomi, Lenovo, Huawei, and other Chinese smartphones.
In 2016, for instance, the mobile security firm Krytpowire uncovered Chinese malware on as many as 700 million budget Android devices. Hidden in a benign support app, the pre-installed, third-party software would secretly send full text messages, contact lists, call history, location data, and other sensitive information to a server in Shanghai every 72 hours. The offending company, Shanghai Adups Technology Co., was reportedly using the data to tailor advertising to users; it claimed the app was only intended for the Chinese market and that a small number of America-bound phones were loaded with it due to a glitch.
Chinese malware hidden in smartphones certainly sounds suspicious, but it's hardly a smoking gun. After all, the greatest threats that computers and mobile devices around the world faced in the past year, Spectre and Meltdown, stemmed from security flaws in American-made chips.
But in the Adups example lies the real problem with Chinese smartphones: data.
For phones to function properly, many core processes require access to your location data, calls, and messages. This is as true of the humble Huawei Honor 7 as the elite Apple iPhone X. So while many Chinese smartphones don't actively use any Chinese apps, as the Adups case reveals, they still have firmware and other relatively innocuous pre-loaded background software that communicate with servers in China.
And unlike America, China lacks data protections.
"The line between private companies and state institutions is often quite blurred," said Maya Wang, a researcher from Human Rights Watch. "In theory, there are protections on citizens' data, but in practice there are no controls about how this data may be used."
Chinese tech companies play a central role in the government's far-reaching surveillance apparatus that closely monitors what its citizens are doing and saying online. Under China's sweeping cybersecurity law, companies are required to give authorities full access to its data upon request.
So when it comes to Chinese-made smartphones, the worry is less about nefarious hackers hiding malware on phones, and more about where data from mundane apps is going.
When a person sets up their new phone and taps "I agree" on the confidentiality agreement, they are essentially handing over their personal data to whoever made their phone. And when in comes to Chinese companies, that might be a mistake.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Eugene K. Chow is a speechwriter and freelance journalist. He is the former executive editor of Homeland Security NewsWire. Previously, he was a research assistant at the Center for A New American Security, a Washington-D.C. based think tank.
-
'Beyond this damage lies something more insidious'
Instant Opinion Opinion, comment and editorials of the day
-
Hollywood confounded by Trump's film tariff idea
speed read President Trump proposed a '100% tariff' on movies 'produced in foreign lands'
-
Israel approves plan to take over Gaza indefinitely
speed read Benjamin Netanyahu says the country is 'on the eve of a forceful entry'
-
What happens if tensions between India and Pakistan boil over?
TODAY'S BIG QUESTION As the two nuclear-armed neighbors rattle their sabers in the wake of a terrorist attack on the contested Kashmir region, experts worry that the worst might be yet to come
-
Why Russia removed the Taliban's terrorist designation
The Explainer Russia had designated the Taliban as a terrorist group over 20 years ago
-
Inside the Israel-Turkey geopolitical dance across Syria
THE EXPLAINER As Syria struggles in the wake of the Assad regime's collapse, its neighbors are carefully coordinating to avoid potential military confrontations
-
'Like a sound from hell': Serbia and sonic weapons
The Explainer Half a million people sign petition alleging Serbian police used an illegal 'sound cannon' to disrupt anti-government protests
-
The arrest of the Philippines' former president leaves the country's drug war in disarray
In the Spotlight Rodrigo Duterte was arrested by the ICC earlier this month
-
Ukrainian election: who could replace Zelenskyy?
The Explainer Donald Trump's 'dictator' jibe raises pressure on Ukraine to the polls while the country is under martial law
-
Why Serbian protesters set off smoke bombs in parliament
THE EXPLAINER Ongoing anti-corruption protests erupted into full view this week as Serbian protesters threw the country's legislature into chaos
-
Who is the Hat Man? 'Shadow people' and sleep paralysis
In Depth 'Sleep demons' have plagued our dreams throughout the centuries, but the explanation could be medical