Analysis

Is your Chinese smartphone spying on you?

It really might be — just not in the way you think

What if you could get a top-of-the-line Android phone equipped with the latest processor and loaded with slick new features at a steep discount? There's only one catch: It's a Chinese smartphone and the Chinese government could use it to spy on you.

These security concerns have led America's intelligence agencies to warn against using Chinese smartphone-makers Huawei and ZTE. "[A Chinese smartphone] provides the capacity to maliciously modify or steal information," FBI Director Christopher Wray told Congress last week. "And it provides the capacity to conduct undetected espionage."

So: How legitimate are these concerns? They're certainly not unfounded, but they're also more complicated than Wray's testimony alone lets on.

It's true that China has long been the most aggressive nation-state hacking U.S. businesses and the government. From stealing plans for the advanced F-35 stealth fighter to State Department files, Chinese hackers have made off with invaluable trade secrets, sensitive government data, and personnel records.

But it's also highly unlikely that the Chinese government has taken a sudden interest in hacking into the devices of ordinary Americans. That's not China's style. The country's hackers have demonstrated that their primary focus is on stealing military and trade secrets so it can rapidly develop its armed forces and key industrial sectors.

Chinese smartphones have also come under a lot of criticism for spyware. Over the last several years, there have been multiple discoveries of malware loaded on Xiaomi, Lenovo, Huawei, and other Chinese smartphones.

In 2016, for instance, the mobile security firm Krytpowire uncovered Chinese malware on as many as 700 million budget Android devices. Hidden in a benign support app, the pre-installed, third-party software would secretly send full text messages, contact lists, call history, location data, and other sensitive information to a server in Shanghai every 72 hours. The offending company, Shanghai Adups Technology Co., was reportedly using the data to tailor advertising to users; it claimed the app was only intended for the Chinese market and that a small number of America-bound phones were loaded with it due to a glitch.

Chinese malware hidden in smartphones certainly sounds suspicious, but it's hardly a smoking gun. After all, the greatest threats that computers and mobile devices around the world faced in the past year, Spectre and Meltdown, stemmed from security flaws in American-made chips.

But in the Adups example lies the real problem with Chinese smartphones: data.

For phones to function properly, many core processes require access to your location data, calls, and messages. This is as true of the humble Huawei Honor 7 as the elite Apple iPhone X. So while many Chinese smartphones don't actively use any Chinese apps, as the Adups case reveals, they still have firmware and other relatively innocuous pre-loaded background software that communicate with servers in China.

And unlike America, China lacks data protections.

"The line between private companies and state institutions is often quite blurred," said Maya Wang, a researcher from Human Rights Watch. "In theory, there are protections on citizens' data, but in practice there are no controls about how this data may be used."

Chinese tech companies play a central role in the government's far-reaching surveillance apparatus that closely monitors what its citizens are doing and saying online. Under China's sweeping cybersecurity law, companies are required to give authorities full access to its data upon request.

So when it comes to Chinese-made smartphones, the worry is less about nefarious hackers hiding malware on phones, and more about where data from mundane apps is going.

When a person sets up their new phone and taps "I agree" on the confidentiality agreement, they are essentially handing over their personal data to whoever made their phone. And when in comes to Chinese companies, that might be a mistake.

Recommended

Biden gets thumbs up from Macron
Emmanuel Macron, Joe Biden.
welcome back

Biden gets thumbs up from Macron

China's U.K. embassy scoffs at G7
Angela Merkel, Joe Biden, Jake Sullivan, Jan Hecker.
those days are over

China's U.K. embassy scoffs at G7

10 things you need to know today: June 12, 2021
G7 leaders.
Daily briefing

10 things you need to know today: June 12, 2021

The ransomware epidemic
Gas tanks.
Feature

The ransomware epidemic

Most Popular

7 toons about the Dems' Joe Manchin problem
Political Cartoon.
Feature

7 toons about the Dems' Joe Manchin problem

Bad for Democrats. Good for democracy?
A voter.
Picture of Joel MathisJoel Mathis

Bad for Democrats. Good for democracy?

Harry and Meghan insist they asked queen about daughter's name
Prince Harry and Meghan Markle
royal drama

Harry and Meghan insist they asked queen about daughter's name