Nokia 7 plus phones have been hidden sending personal information to China. Finland has started an investigation after NRK’s ​​disclosure.

As per NRK’s reports, The end user’s phone number, GPS location, mobile phone IMEI number has sent to the Chinese server. Every time when Nokia 7 plus devices were powered on or Unlocked the information sent to the server. Moreover, the data packages were in an unencrypted format that is more horrify.

NRK investigated and found the server domain vnet.cn. Vnet.cn domain is own by China Internet Network Information Center( China Telecom).

Likely, that this is an application intended for the Chinese market but which has been accidentally distributed to Nokia 7 Plus phones outside China’s borders. HMD Global refused to make comment to NRK on the matter.

Further more, uncovered code on Github by non-other than Qualcomm.
The only other clue comes courtesy of security researcher Dirk Wetter, who claims the offending APK package sending this data to China is named “com.qualcomm.qti.autoregistration.apk.” He had also investigated the network traffic to his Nokia 7 Plus, and saw the same remarkable packages.

Ok, I got the culprit. It’s “com.qualcomm.qti.autoregistration.apk” which must have been installed by the system

~4 weeks ago.

@Dirk

Finally, HMD Global has confirmed with NRK that this data sharing issue has only affected a “single batch” of Nokia 7 Plus devices. It’s also worth noting that since this has come to light, the infringing application has since been removed from the devices supposedly affected.

LEAVE A REPLY

Please enter your comment!
Please enter your name here