One of the major news firms of Norway, NRK reported about an issue where some units of Nokia 7 Plus were sending personal information to a Chinese server.
It was found in the report that personal information about device, including GPS coordinates, SIM card number and device’s serial number were being transferred unencrypted to a Chinese server. The data was transferred whenever the phone was switched on, screen was on, or the phone was unlocked.
The domain of the server is vnet.cn which is the CNNIC or China Internet Network Information Center. The owner of the domain is China’s state-owned China Telecom.
Here are the types of information that were sent to the Chinese servers:
- IMEI1 and IMEI2 – the device’s unique serial number;
- SIM1CELLID – ID of the base station the device is connected to;
- SIM1LTEIMSI – ID of the 4G network user;
- SIM1ICCID – SIM card identification number;
- MACID – MAC address (unique identification number) of the WiFi.
Here’s what HMD Global had to say on the issue:
We have analyzed the case and can confirm that there has been an error in the packing process of software in a single batch of a telephone model, which by mistake attempted to send activation data to a foreign server. The data was never processed and no personal information was shared with third parties or authorities.