As far as I could find out all Nokia phones come preinstalled with a system app called CAIVS which collects private data. On other forums this particular app has been described as spyware. You cannot unistall or disable it. It sends user data to servers in China using wifi/mobiledata. Can a Nokia/HMD representative give an explanation? Can we uninstall/disable it in the future?
Regarding Caivs, it's an unfounded claim that seems to be based on some several year's old postings at the XDA developers forum (it's a cold and rainy morning).
The phone OS, system and third-party apps is nowadays handled by Google's Play Protect. Claims of viruses and malware in the OS and system files or in apps downloaded from the official Play Store is most likely false.
Phone variants for China must comply with specific and different regulations than phones for the rest of the world and the USA, in both hardware and software. The claims and 'solutions' the XDA forum come up with often does not apply to phone variants intended for sale outside China.
Customers are lured to purchase Nokia phones from unofficial resellers at online flea-markets advertising it as 'global model' (or similar phrase) but is actually China homeland or Taiwan variants, causing confusion in this forum and elsewhere.
There is basically phone variants (TA-xxxx) for China, for the USA, and for 'the EU and the rest of the world', with possible variants for specific countries and for specific mobile operators, but no global model.
HMD should in my opinion make it clear that grey import phones come without the manufacturer's limited warranty, and without official support outside the country or area that the specific phone variant is intended for.
There is enough work with legit phones.
Regarding system files and what they do, a possible starting point is https://source.android.com/
So, any idea what CAIVS does?