This post is also available in: עברית (Hebrew)
A US company specializing in manufacturing wireless telecommunications hardware has allegedly been collecting user data in secret. Chips produced by the Qualcomm company are used in approximately a third of all Android devices, as well as some Apple smartphones.
Research published by Nitrokey on April 27th claims that hardware produced by Qualcomm was uploading users’ private data, including IP addresses, to a cloud attributed to the company without their consent.
As data sharing with Qualcomm is not mentioned in Sony’s terms of service (the vendor of the device used by a researcher), Android, or /e/OS either, this might violate General Data Protection Regulation laws (GDPR).
Paul Privacy, the researcher behind the report, claims that on top of the concerns regarding consent, the data packages are sent via the HTTP protocol and are not encrypted using HTTPS, SSL, or TLS. This makes them vulnerable to attacks.
By collecting this data and creating record history using the phone’s unique ID and serial number, anyone on the network — including malicious actors, government agencies, network administrators, and telecom operators could easily spy on users.
As reported by cyber news.