Nokia phones caught sending sensitive customer information to China
What's the story
HMD Global, the company that owns the Nokia brand, has been accused of sending sensitive customer information from its devices to China. The claim has been made by Norway's public broadcaster NRK on the basis of its own analysis and a report from a Nokia 7 Plus owner. HMD later acknowledged the 'error' but said the issue has been resolved. Here's all about it.
Issue
Data sent to Chinese servers
Since acquiring rights from Microsoft in 2016, HMD Global has been making Nokia phones. The devices have done well, but just recently, NRK reported the case of a Nokia 7 Plus user who said his device was sending information to a specific third-party. The user claimed his phone sent information like location, SIM card number, phone serial number to an unknown server without permission.
Information
Later, NRK verified the information was going to China
Following the report, NRK carried out an investigation, only to learn that the server in question was located in China, where Foxconn assembles Nokia phones.
Investigation
Now, Finland's data protection watchdog has launched an investigation
In the wake of these claims, Finland's official data protection watchdog has launched a probe into the company. Reijo Aarnio, an official from the organization, told Reuters they're looking to assess if the breaches compromised any kind of "personal information and if there has been a legal justification for this." HMD, on the other hand, denied the case of a personal information leak.
Nokia's stance
What Nokia says on the matter
Nokia acknowledged the issue to NRK, noting that the problem had occurred on "an unspecified number of Nokia 7 Plus phones." Speaking to Reuters, a spokesperson for the complain said "an error in [the] software packaging process in a single batch of one device model" caused the issue, but reaffirmed that "no personally identifiable information has been shared with any third party."
Information
Apparently, the data went to Chinese telecom giant
Nokia claimed "the data was never processed and no person could have been identified" but refrained from providing details about the recipient server. However, NRK's own findings indicated the server was under the domain "vnet.cn," which is said to be managed by China Telecom.
Problems
The issue has been fixed, but Nokia could face fines
Nokia emphasized that affected Nokia 7 Plus models have been fixed with a software patch issued in February. The company said nearly all phones have installed the fix, but considering the GDPR laws which went into force last year, it could face fines for sharing data without consent. It will all depend on what comes out as a result of this probe.