In what could be surprising, HMD Global's Nokia-branded smartphones were spotted sending unencrypted data to China.
The information is confirmed by the Finnish data protection watchdog who said that some Nokia phones were sending users data to a Chinese server. The server in question was under the domain named "vnet.cn" which is said to be owned by the state-owned carrier China Telecom. Notably, details about unencrypted data being sent to the server surfaced when a Nokia 7 Plus user named Henrik Austad reported the matter to Norway's public broadcaster NRK.
Upon investigation, NRK found that the server was associated with China Telecom and the data was being sent in 'unencrypted format' by a Nokia 7 Plus device. From what's been explained, every time the Nokia 7 Plus units were powered on, data would be transferred immediately over the server. Moreover, turning on the display or even unlocking the device said to have triggered the same process.
As per reports, the issue is said to have plagued only a "single batch" of Nokia 7 Plus units. While this certainly concerns Nokia phone users, HMD Global acknowledging about the data breach said that the issue was caused by "an error in the software packaging process in a single batch of one device model". Apparently, the units were initially intended for users in China, but it 'ultimately' rolled out to the European market. The bug is said to have been patched in February and with the issue now raised, reports note that HMD Global has removed the 'infringing files' from the devices.
The Finnish smartphone manufacturer responding to the matter told Reuters via mail, "We can confirm that no personally identifiable information has been shared with any third party."
But while HMD Global affirm the issue to have been patched, the Finnish watchdog will still investigate to check whether users' personal information was sent.