Members of Australia’s respected IT community are deeply saddened by the Chinese smartphone scaremongering ‘beat-up’ in some local IT media, claiming, “Brands that are of concern are Oppo, realme, Vivo, Huawei and of huge concern are Xiaomi products … regarding spyware and concerns over privacy.”
Said article is a fabrication, based not on fact but on selective copying, paraphrasing and myopic embellishment of a Register article, derived from a BBC article, derived from a Reuters article, derived from a Lithuanian media report (without any attribution!). Those articles did not mention OPPO, realme or vivo, yet the unattributed statements are made:
He claimed that one Xiaomi phone had built-in censorship tools while another Huawei model believed to be an Oppo [sic] smartphone security flaws.
WTF – Recidivist ramblings, Chinese Whispers and personal vendettas.
Here are the Chinese smartphone scaremongering facts
A report titled “Assessment of cybersecurity of mobile devices supporting 5G technology sold in Lithuania. Analysis of products made by Huawei, Xiaomi and OnePlus” (PDF report) found:
Statement: Xiaomi Mi 10T 5G and Android 10
Software that could detect and censor more than 499 terms including “Free Tibet”, “Long live Taiwan independence”, or “democracy movement.”
This is a requirement of the CCP (Chinese Communist Party) for all phones sold in China or its Territories. It is disabled in all phones sold outside China.
Factory-installed system applications send encrypted statistical data of specific applications to Tencent servers (Chinese-owned but a significant global cloud server company) in Singapore, the USA, Netherlands, Germany, and India (not China).
Mi Browser uses Google Analytics (a compulsory part of Google Android). This allows browsing and search history to be used by Google.
This functionality is activated by registering the mobile phone into the optional Xiaomi User Experience marketing programme and can be turned off.
Xiaomi products are distributed by Panmi in Australia, [sic] they [sic] are also selling electric bikes and smartphones directly from their own web site [sic].
The official Australian Xiaomi products distributor Panmi is not importing its phones at present. Any you see are grey market, not certified for use here, may not support all Australian 4G networks and likely will not activate on the Australian 5G networks. Panmi commented that the costs of gaining Australian certification for models specifically for Australian networks are prohibitive given the expected sales volume.
Statement: Huawei P40 and Android fork 10 (not Google Android)
The Huawei AppGallery can direct users to third-party e-stores where some applications are malicious or infected with viruses.
AppGallery only collects and processes the data necessary to allow Huawei’s customers to search, install and manage third-party apps. Any app can exfiltrate data. AppGallery cannot be responsible for individual apps inside or outside its store but will remove those with proven malware.
Statement: CVE vulnerabilities in Huawei forked Android
The CVE (Common Vulnerabilities and Exposures) list identified 144 vulnerabilities in Huawei’s Android fork (28 vulnerabilities from 2020; 23 from H2, 2021). Most relate to device functionality disruption. One allowed an attacker to use third-party software to send SMS text messages from a mobile device when locked.
Huawei cannot use Google Android and uses a free Android fork mainly responsible for unaddressed CVEs. Huawei has developed its HarmonyOS, but it is not for use outside China. In any case, the P40 is ‘old metal’, and Huawei is a minor smartphone supplier in Europe (<1% in Q2 2021 – Statista).
Statement: OnePlus 8T Android 11 all-clear
A OnePlus 8T 5G model released in late October 2020 is the sole Android 11 device. It has no issues.
OnePlus is part of the BBK Group comprising OPPO, realme, vivo and iQOO. It uses the same UI base as its siblings, so we can safely assume these are fine too.
Lithuania and China tensions have grown to the extent that both have removed embassies.
The quote attributed to Defence Deputy Minister Margiris Abukevicius commenting on the report, “Our recommendation is not to buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible” is clickbait, a sensational sound bite, not fact.
Phones sold within China or its territories are different models and do not have Google Services or access to its app store. They are subject to Chinese laws and have CCP-approved apps and Telco/internet firewall restrictions.
Each country (or region) needs to be sure that its national security interests are catered for. Lithuania’s 2.9 million people (Sydney has a population of nearly 6 million) all buy Chinese-made smartphones, be it Xiaomi, OPPO, Finland’s HMD Nokia (made by Foxconn, which also makes Apple devices) or anything else. These have to be EU GDPR (General Data Protection Regulation) compliant – some of the toughest privacy rules in the world.
These all have Google Android. Xiaomi now ships this device with Google Android 11 and MIUI 12.5, and states it is 100% GDPR compliant – so test results would have been very different.
There is no reason to suspect that Chinese-made, genuine Australian models certified for use on our Telco networks (not grey market) contain spyware or phone home to China.
OPPO and its BBK siblings Vivo and realme operate strictly under Australian Laws and Telecommunications Regulations. We have operations in more than 50 countries and regions around the world. We comply with all local laws and regulations of the countries or regions in which we operate. Over the years we’ve gone above and beyond introducing new features and functionality to improve both security and the overall customer experience. As such, our customers can rest assured their data is and always will be safe and secure. To suggest otherwise is mischievous and deceptive.