Henrik Austad, a Nokia 7 owner was monitoring traffic from his phone. To his surprise, the device was sending unencrypted information to somewhere in China. The information being sent included the device’s location, his phone’s serial number, and SIM card number.
According to NRK, Norwegian public broadcaster, the data was sent to a Chinese server under the domain “vnet.cn”. Further investigation revealed that the domain is part of the state-owned telecommunications company, China Telecom. HMD Global reportedly admitted to NRK that it was sending data to China, but said it was due to a software error and that the issue was resolved in a January software update. The Finnish company also claimed that the phones did not send any sensitive information that could identify owners, according to the infographics that the company has released on its website:
Reijo Aarnio, the Finnish Ombudsman (public advocate) for Data Protection, said that he would investigate if any data breaches occurred and if legal action had to be taken. He implies that it could be a violation of the European Union’s General Data Protection Regulation (GDPR) legislation, and if found guilty, HMD Global could end up with some really stiff penalties. (Source: Digital Trends, NKR, Reuters)