https://safirsoft.com Security audit raises stern warnings about Chinese smartphone models

The audit flagged Xiaomi and Huawei but it's licensed to OnePlus. The Lithuanian National Cyber ​​Security Center (NCSC) recently released a security assessment of three new Chinese-made smartphones - Huawei P40 5G, Xiaomi Mi 10T 5G and OnePlus 8T 5G. US buyers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com - but given the results of the NCSC security audit, we won't provide direct links to these phones.

The Xiaomi phone includes software modules specifically designed to disclose information to Chinese authorities and monitor the media on topics deemed sensitive by the Chinese government. Huawei phone replaces the standard Google Play App Store with third-party alternatives that NCSC can repackage and malicious popular apps. With 10, but can be upgraded to 11. OnePlus 8T with Android 11 installed only ships from the factory. "src=" https://safirsoft.com/picsbody/2109/10457-1.jpg "alt=" https://safirsoft.com Security audit raises stern warnings about Chinese smartphone models "> Huawei P40 still running Android 10 while Xiaomi offers 10 But it can be upgraded to 11. Only OnePlus 8T is factory-installed with Android 11. NCSC

OnePlus 8T 5G – Arguably the most popular and best-selling one of these three phones was the only one that didn't work.NCSC review uploaded without any Red flags.

Xiaomi Mi 10T 5G

The NCSC has discovered that seven Xiaomi phone system default apps can monitor media content to prevent user access, using a regularly downloaded JSON file. NCSC discovers seven system default apps that a Xiaomi phone can control media content to block User using frequently downloaded JSON file Lithuanian NCSC sends Xiaomi Mi 10T 5G with a non-standard browser called "Mi Browser" The NCSC found two items in Mi Browser that they didn't like - Google Analytics and a lesser known module called Sensor Data, and it can then send this data to Xiaomi servers to analyze and use Unspecified Advertising

The NCSC detected that the sensor data module collects statistics about 61 parameters of program activity, including application activation time. Fadha, etc. These statistics are encrypted and sent to Xiaomi servers in Singapore, a country not covered by EU General Data Protection Act (NCSC) and are linked to excessive data collection and abuse of user privacy.

NCSC also silently records a user's mobile phone number on Singapore servers via an encrypted text message when X virtual cloud services are activated iaomi. The mobile phone number is sent regardless of whether the user has connected it to a new cloud account, and encrypted SMS is not visible to the user.

Several Xiaomi system apps on Mi 10T 5G are regularly downloaded from a file called MiAdBlacklistConfig from Singapore servers. In this case, the National Center for Sports Security found 449 cases identifying religious, political, and social groups. In the software categories, Xiaomi apps use MiAdBlackListConfig to analyze the multimedia that may be viewed on the device, and block “inappropriate” keywords if they are associated with that content. It's inactive on EU-registered phones, and the phones still regularly download the blocked list themselves - and according to the agency, they can be reactivated at any time remotely.

Huawei P40 5G

NCSC has found that users who search for apps in Huawei AppGallery are often redirected to untrusted third-party repositories. NCSC discovered that AppGallery Huawei users search, often for untrusted third Party repositories for software infrastructure — and for good reason.

The most obvious problem with the P40 5G is that it has replaced the Google Play Store with the Huawei-owned AppGallery Store, which is "a safe place to get all your favorite apps." "NCSC has detected that if a user searches for AppGallery for a specific app, it will be silently redirected to third-party app stores if it doesn't match AppGallery.

Includes Apkmonk, APKPure and Aptoide, but is not limited to. CNC Machinist Tapping Calculator and “Messenger, an all-in-one light, free Chat Free Pro app.”

We're not sure how much salt we're taking with the specific results of the NCSC "Malware" program because the agency hasn't reverse-engineered any of the software The three that VirusTotal didn't like - and lesser quality false positive antivirus is known to happen with some requests, however, AppGallery's seemingly muted link to third-party app stores poses a real risk of device penetration.

Although Apkmonk, APKPure and Aptoide are all reasonable “alternative stores” well known, “Google’s Play Store is fully managed. Aptoide, for example, offers both of its main repositories – which are configured and scanned Optical and similar to a secure Play Store.But Aptoide also makes it easy to host APK repositories for anyone who wants to upload themselves - whether they want to copy APK files that may disappear from the Play Store, or the developer who owns the original software.

Easy to build repository In Aptoide - and the proliferation of stolen and cracked apps in user repositories - reckless "purchasing" by less knowledgeable users becomes a serious security risk, especially when those users don't realize they gave up on basic security in the first place.

Even users who They don't look for anti-theft software They may inadvertently deal with the added "legality" of repackaging malware or copying legitimate software.Resign the modified or copied software with the loader key.

Conclusion

Based on To the NCSC results, there does not appear to be a problem with the OnePlus phone - this Not surprising, given that only the brand is ree, which is negatively reviewed, and frequent non-Chinese governments are not included.

Enterprising consumers and/or Google-haters in particular may be reasonably interested in the Huawei P40, which appears to suffer more from a lack of malware. Prevent security guards from direct surveillance and/or spyware. Finally, we highly recommend that you avoid the Xiaomi Mi 10T. Which should not simply be ignored.

Security audit raises stern warnings about Chinese smartphone models
security-audit-raises-stern-warnings-about-chinese.html

https://safirsoft.com How hackers hijacked thousands of important YouTube accounts

How hackers hijacked thousands of important YouTube accounts

The wave of attacks has turned manufacturers' channels into cryptocurrency scams.

At least since 2019, popular YouTube channels have been tak...

https://safirsoft.com Passengers will not be able to travel after the NHS vaccine passport goes offline

Passengers will not be able to travel after the NHS vaccine passport goes offline

The power outage lasted about 4 hours and caused problems with the health program.

Britain's COVID Pass card system was suspended for hours o...

https://safirsoft.com Verizon Visible Wireless Verifies Compromised Customer Accounts

Verizon Visible Wireless Verifies Compromised Customer Accounts

Visible customers are confused when they see hackers from their account.

Several Visible Wireless subscribers reported having their accounts ...

https://safirsoft.com Hacker X - The American Who Created The Pro-Trump Fake News Empire - Disguises

Hacker X - The American Who Created The Pro-Trump Fake News Empire - Disguises

He was set to make fake news but now he wants to fix everything.

This is the story of the mastermind behind one of the largest "fake news" op...

https://safirsoft.com US government sues contractors to cover up abuses

US government sues contractors to cover up abuses

The Civil Internet Fraud Initiative allows data breaches to be reported to government contractors. The latest violation of the Civil Initiative on Cyb...
https://safirsoft.com Twitch admits to a massive leak that reveals source code and manufacturers revenue

Twitch admits to a massive leak that reveals source code and manufacturers revenue

Twitch confirms the information breach but is investigating the matter fully.

Twitch's live video streaming service has been hacked and 125GB...