HMD, the Finnish company making Nokia-branded devices, is now being investigated by the country’s data protection watchdog amid reports that some of its phones sent data to servers in China. The investigation comes after NRK, a Norwegian public broadcaster, claimed having proof which showed that Nokia phones were sending sensitive data to China based on a tip from a device owner.
Henrik Austad, the man who gave the tip, said he was monitoring the traffic from his Nokia 7 Plus and found that it was sending unencrypted information to a Chinese server. The data included the SIM card number, the phone’s serial number, and his location. The broadcaster’s findings revealed that the server was under the domain “vnet.cn” which is said to be managed by China Telecom, a state-owned company.
Finland’s data protection ombudsman Reijo Aarnio said that the investigation will now look at whether there was a breach and personal information and involved as well as if a legal justification can be provided for this. A deeper dive showed that this was probably intended for the Chinese version of the Nokia 7 Plus and not the global version.
This was echoed in HMD Global’s statement to Finnish newspaper Helsingin Sanomat. The company said that the data collection was due to a coding mistake with an “activation package” being included accidentally in some phones’ firmware. It added that only a single batch of Nokia 7 Plus devices had this package. It also said that the issue was addressed in a firmware update sent out in January and that most customers had installed it.