What you need to know about your privacy and the alleged “data breach” on Nokia 7 Plus phones

Hi all,  as a lot of you have noticed and there are already some discussions going on for the Nokia 7 plus "data breach" news, I want to share this link with you:  https://www.nokia.com/phones/en_int/privacy-info Please have a look.

What you need to know about your privacy and the alleged “data breach” on Nokia 7 Plus phones

HMD_Laura HMD_Laura
Staff member  /  edited April 24
Hi all, 

as a lot of you have noticed and there are already some discussions going on for the Nokia 7 plus "data breach" news, I want to share this link with you: 

https://www.nokia.com/phones/en_int/privacy-info

Please have a look. You'll find all information there. 

Best regards, 
Laura 

Comments

  • madbilly madbilly
    ✭✭✭✭✭  / 
    Thanks @HMD_Laura, much appreciated that you took the time to post this at the weekend.

    @Khaa Leel I don't think it matters who writes the software. FIH and it's subsidiaries are inescapably linked to HMD through the agreements that were signed when he became the maker of Nokia phones, so Evenwell etc won't be disappearing. The important thing is that HMD must have control of the software, must test and validate it before it's released to customers. I think the bootloader is a separate issue from this data leakage one, though still important.

    Cheers :)

  • Прекрасно!
  • madbilly madbilly
    ✭✭✭✭✭  / 
    @Khaa Leel I don't have much experience of support but lots of people say the same as you. What experience I do have showed me they don't know the software in detail, but I think that's similar for other brands of smartphone. I would really like tech support to join in some of the discussions on the forum, the ones that go on for weeks, because that's where I think we'd all benefit the most.

    Who knows about the bootloader... I think FIH were involved in the Essential phone which I think has a unlockable bootloader so I'm not sure you're right, but you still might be right. I think it it more likely that HMD doesn't want to take the risk with warranty claims yet, or there's something in the Android One rules that prohibits it.
  • Shomi24 Shomi24
    ✭✭  / 
    since yesterday ... I was thinking about this problem that happened to Nokia 7 plus ! I don't have any experience about the technical problems like this ! BUT I hope this problem doesn't affect on Nokia true fans! Everything will be OK ! That's my trust with HMD and Nokia! 🥺❤️
  • mohan reddy mohan reddy
    ✭✭✭  / 
    HMD_Laura said:
    Hi all, 

    as a lot of you have noticed and there are already some discussions going on for the Nokia 7 plus "data breach" news, I want to share this link with you: 

    https://www.nokia.com/phones/en_int/privacy-info

    Please have a look. You'll find all information there. 

    Best regards, 
    Laura 
    That statement addresses the issue at hand but doesn't clear the doubts people had. I think may be details of that specific batch which you've identified or at least the details of where they were manufactured would further reduce the tension and doubts in people's minds.
  • mohan reddy mohan reddy
    ✭✭✭  / 
    Khaa Leel said:
    Something from FIH part definitely has something to do about why the bootloader is locked, maybe they don't want people to dig deep inside their phones who knows.
    Well, as far as I know, almost every phone starts its journey with bootloader locked, that is to prevent innocent customers from the danger of potentially harmful software. Some manufacturers eventually allow users to unlock the bootloader and some don't allow even after they ended the official support for the phone. I don't know why they are delaying roll out of bootloader unlock option but they might have a valid reason.

    If you really want to unlock the bootloader, then try searching in XDA or Google, you'll find various sources to unlock the bootloader for you. Also, I hope you know how to make custom ROMs yourself, you'll need that after you unlock the bootloader.
  • RIP nokia , this gonna be my last nokia device ever. **** nokia 7 plus i wasted 26k on this piece of ****. 
  • Rickname Rickname
    ✭✭  /  edited March 23
    The only thing HMD Global is good at is ruining a well known phone brand. I still miss my Nokia Lumia 1020. :(
  • mynicknameisjosh mynicknameisjosh
    ✭✭  / 
    how about the other nokia phone? does it send unencrypted data too?
  • madbilly madbilly
    ✭✭✭✭✭  /  edited March 23
    @mohan reddy well said! HMD could easily share more details about this. And you make a good point about custom ROMs - currently there are no custom ROMs for HMD Nokia phones, AFAIK.

    @Muser, you're right, HMD should have been open and honest about this when they discovered it. In fact, they should have reported it in 72 hours according to the GDPR: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/

    I know that HMD has said that there was no personally identifiable information, but I doubt that any data authority will agree that the combination of all those things is not sufficient to identify someone, i.e. they will say that it is indirectly personally identifiable. I think HMD will be better off just agreeing they made a mistake and accepting the fine - people will respect and trust them more if they do that than if they try to argue against it in court.

    @muser who is NBC? The TV channel?

    @rickname there are plenty available on eBay!

    @mynicknameisjosh at present nobody has found any other Nokia phone number by HMD which is doing the same thing. All of HMD's phones send activation data somewhere, but it is encrypted. This case with the 7+ appears to be unique.

    @HMD_Laura the question above should probably be clearly answered in the info page you link in your OP.
  • Muser Muser
    ✭✭✭  / 
    madbilly said:
    @muser who is NBC? The TV channel?

    One of the developers that makes apps for HMD, if you open Settings on your phone and search for something like "com.nbc." you'll see a few. On Chinese variant devices I believe they also develop the music player and file manager apps.
  • madbilly madbilly
    ✭✭✭✭✭  / 
    @Muser thanks, I see it, I hadn't remembered them. Do you know the full company name? Website? Are they owned by Foxconn?
  • todesurteil todesurteil
    ✭✭✭  /  edited March 23
    If I may make a suggestion. The only thing I would assume would put current users at ease is to get a independent authority or institution to look at what happened, look at the devices that sent the data to china and to physically visit the server, check the data on the server and see who had access to the server and data on the server and publish a report on their findings. That might put current users at ease, show Nokia is open and is in the clear about what happened and that was a honest mistake that took place and that people can have confidence in Nokia to sort out anything that happens now and in the future and people can rest assured the matter has been taken care of and dealt with when they became aware of it. And that the mistake was rectified in the Feb. SP. 

    That's how I would have handled it. As I would think a independent authority with credentials would show Nokia takes the matter seriously and takes it's client's personal data and security seriously. And is willing to prove it at all costs. Just a suggestion and my opinion. 
  • Muser Muser
    ✭✭✭  / 
    madbilly said:
    @Muser thanks, I see it, I hadn't remembered them. Do you know the full company name? Website? Are they owned by Foxconn?
    No idea, I think only HMD can answer that. Android app names usually follow the "developer website.app name" convention (i.e., com.hmdglobal.support) but Evenwell, NBC, etc don't seem to follow it.
  • Dog007 Dog007
    ✭✭  / 
    HMD Laura a nice answer but it doesn't describe the real problems and also doesn't solve the problems of the smartphone owners because HMD has already refused them several times.

    I don't lack knowledge, but you lose faith in HMD.
    B)
  • Hi HMD_Laura, I've just tried requesting the latest approved build and it's not working. Mine shows as of August 2018. Please support.
  • madbilly madbilly
    ✭✭✭✭✭  / 
    @Milu-Daniel MARCU @HMD_Laura can't directly help you with this, you need to contact support directly: https://www.nokia.com/phones/locale/support
  • @madbilly thanks! I did, but seems they cannot support. But @HMD_Laura should get my post nonetheless. Cause I have one of their devices involved in this data sharing scandal. But won't get their last build.
  • madbilly madbilly
    ✭✭✭✭✭  / 
    When you say they cannot support what do you mean? Do they refuse to talk to you? Or you tried their suggestions and they don't work?

    Personally I found that using an old SIM card from another operator which is no longer valid enabled me to get the latest update. This is on Nokia 8 though, not 7+.
  • They did talk to me sure. But what they suggested, did not work. Good point with the old sim though. Thanks @madbilly ! 👍
  • Muser Muser
    ✭✭✭  /  edited March 26
    Hi HMD_Laura, I've just tried requesting the latest approved build and it's not working. Mine shows as of August 2018. Please support.
    I think the app was added in the December 2018 update but you should try and update regardless to be on the latest security update. Try going to the phone dialer and enter *#*#checkin#*#* 

    The video below shows how it works (about 1:15 in),


  • DNPL DNPL
    ✭✭  /  edited March 26
    @HMD_Laura

    Now, this is a question must be answered.

    Does HMD's compliance with China Cyber Security Law extend to markets/regions, which the People's Republic of China claim to have sovereignty over, while de facto being independent?

    Or, to put it more simple and specific:

    Do Nokia phones sold in Republic of China, Taiwan, transfer data to servers located in and owned by People's Republic of China?

    If the answer is positive, what types of data are collected and transferred?

    If the answer is negative, where on earth is the data collected from your customers in Taiwan stored?

    And lastly, where and who are in charge of the development and distribution of firmware for phone models/variants sold inside and outside of China? Developers working in Finland directly reporting to HMD Global Oy, or FIH Mobile Limited founded in People's Republic of China? Is Nokia capable of ensuring that firmware updates in the future will not include the same mistake?

    Thank you.
  • madbilly madbilly
    ✭✭✭✭✭  /  edited March 26
    @DNPL good question! Some of HMD's phones have had specific model variants for the HK/Macau/Taiwan market, e.g. the original Nokia 6. However, most models don't have these variants, as far as I know HK/Macau and Taiwan get the global version like the rest of the world. Some people who might be able to tell us are @singhnsk, @akilesh and @hikari calyx (please excuse me calling you in here) since they are much more familiar with the individual firmware variants than I am.

    I now that Taiwan's status is very very different from HK/Macau, but as far as HMD considers markets I think it puts them in a single group.

    If the phones in Taiwan use the global firmware then I believe the activation/registration data will go to Singapore, as HMD explained the link that Laura posted.

    Also, I think that FIH Mobile is a Taiwanese company traded on the HK stock exchange isn't it? At least I think that it's parent company, Foxconn, is from Taiwan (Hon Hai Precision Industry).
  • Dear Mr Sarvikas,
    I write this to you with a heavy heart. I am from India and due to certain Geo-political issues concerning our neighboring countries I had made up my mind to NOT use any chinese product as much as it is feasible for me. Though our domestic market is teeming with chinese products, i make a conscious decision to NOT buy such products as much as possible (including chinese apps. I do make a quick googling of all the app developers whose products sit in my phone.)
    So as i surveyed the market before buying a phone i zeroed on Nokia. (instead of cheaper chinese options with better features). So i bought Nokia 8 and i was more so happy when it carried the tag - Made in India.
    But after the alleged "data breach" fiasco it has left a bad taste in my mouth. You have put me down in front of my friends whom i had persuaded to not buy cheap chinese phones and go for Nokia. I went through my phone built in apps list and found those offending apps sittin in my phone, like digital moles.
    Now if i had wanted my data (yes those data are personally identifiable, it is my belief) to be siphoned to chinese servers i would have bought any such cheaper option available in abundance in Indian market.
    But still i will try to make amends. As i have said - i try my best to avoid such products and hence do so by striking off Nokia from my list of future phones and also product advises to my friends.
    This is where Apple products come in. Yes i know most of them that are sold in India are assembled in china, but i have full faith on them as far as data privacy goes. This company even fought against their own Homeland security to respect an individual's privacy (Google it you will know ). I have a Mac and an iPad. So i know how and what they do to respect customer privacy.
    in the end just one line comes up in my mind - Et tu Brute?

  • edo edo
    ✭✭  /  edited March 27
    @user1513145256928 I understand your concern, but I can tell you that no personally identifiable data has been shared, I followed the case closely hour by hour being part of the investigation team.
    We found out that the wrong activation client was mistakenly included in a small batch of 7 Plus but the data sent to the server has never been processed.
    Let me know if you have further question, we care a lot about personal data privacy here at HMD
  • gonespeed gonespeed
    ✭✭  / 
    Pretty bad idea to have this explode at this moment.  According to Nokia, it's should only happens the phone sold in China.  
    My question is "Does it affect Nokia phone sold in Hong Kong?"
    Nor even Macau, or Taiwan?
Prev1
Sign In or Register to comment.