Chinese companies’ tech and innovation is expected to shine at this year’s Consumer Electronics Show, happening now in Las Vegas, NV. Several Chinese companies have wowed the tech world recently, of note One Plus and Huawei.
The story of Chinese tech is not all roses. Famously, several years ago Lenovo’s Thinkpad shipped with spyware. In November 2016 news broke that particular Android phones carried spyware transmitting user location, texting, and calling activity to China. The purpose of the spyware remains unclear, at least publicly. We can imagine several scenarios: to support troubleshooting as the company that codes the software claims, to assemble user profiles for advertising, corporate espionage, or state sponsored intelligence gathering.
Gathering information as part of a Chinese intelligence endeavor is the most concerning. There is precedent for such data gathering: over several years the Chinese intelligence services targeted US Government databases containing personnel records, data related to security clearances in particular. While an attack on security clearance repositories has clear intelligence appeal, what about peeking at mundane cellphone user behavior? By and large, the data is probably of little use, but a spy agency playing the long game may be satisfied with a few needles in the proverbial haystack. Perhaps they are interested in mosaicing, hoping that a few of the affected cellphone users will also be in the trove of security clearance data they pilfered. The cellphone behavior data could tell them who their targets call (their relationships), where they go and when (their current workplaces), and even what they say (their interests). Of course, such an approach could be used to further corporate espionage attempts.
So, are Chinese designed or made devices a security concern? It appears to be a moot point. With so many of the devices on offer are designed or made in China, there is ample opportunity to insert undesirable applications. With this issue largely out of consumers’ hands, the better question is whether Chinese apps in the Play Store pose a threat and what steps are necessary to keep Android as secure as possible?
© Peter Roehrich, 2017