We have another case of Chinese excess in data gathering by its apps, this time a weather app. This time it is from TCL Communication Technology Holdings Ltd., of Shenzhen, China. "The app, called “Weather Forecast—World Weather Accurate Radar,” collects data including smartphone users’ geographic locations, email addresses and unique 15-digit International Mobile Equipment Identity (IMEI) numbers on TCL servers in China, according to Upstream Systems, the mobile commerce and security firm that found the activity."
We saw several cases of Chinese browsers collecting a lot more than this but a common theme seems to be the IMEI number which uniquely identifies a user to the Chinese intelligence services. Citizens Lab at the University of Toronto does some good work in this analysis and I have a couple of previous articles on those. I don't think there is any doubt that the Chinese government is requiring this kind of collection. There are too many instances of apps collecting similar types of information for this to be some company deciding to collect this kind of information on a user. Citizens Lab started with browsers and that demonstrated what was being collected. Once the Chinese get caught, they say they "correct" these apps, but don't believe that. They don't want to be caught collecting data outside of China, but they can route the collection storage to any country and get it in bulk when the time is right. Think about all the apps the Chinese control, many provided with the laptops and cell phones made there.
This calls for a good deal more testing of Chinese apps. A London based security company should not have to be the ones that discover this kind of activity. Our governments should find it and publish the hell out of the results, then ban these apps from use in any product sold in the US. The Chinese are using their software to spy on people outside China. We need to disrupt those kinds of operations and have the Chinese focus on their own country, where it is acceptable.
No comments:
Post a Comment