How Xiaomi Mi 10T, Huawei P40 and OnePlus 8T spy on what users type on their phones. 5 reasons not to buy these devices

2021 has been a really good year for Xiaomi, as trends indicate that for the first time the company will occupy the first place in the shipment of smartphones, surpassing giants such as Samsung. This and other emerging manufacturers such as Huawei and OnePlus have shown incredible growth over the past few years, although recent reports cast serious doubts on the functionality of security measures in these products.

The police’s cybersecurity unit in Lithuania published a report in which they point out that some recent models of smartphones could detect and censor the use of specific words remotely. These tests were performed on the Xiaomi Mi10T, Huawei P40 and OnePlus 8T models.

According to this research, the problems exist because the apps preinstalled on these devices sometimes receive a blacklist of words blocked by decision of the manufacturer, especially terms considered offensive and related to issues such as the independence of regions such as Taiwan and Tibet.

Specialists say that devices enabled with this list of words could block any content that includes these terms.

This feature, probably intended for devices sold in China, is disabled for smartphones sold in Lithuania (place of research), the United States and other countries outside Asia, although the researchers point out that manufacturers have no impediment to enable this function arbitrarily and remotely.

For Xiaomi devices, this set of terms subject to censorship is called “MiAdBlocklist” and is active in preloaded applications, including package installers, security and optimization tools, web browser and others, so the operation of this blacklist could be related to these applications and not work independently.

In addition to the report on the list of censored terms, experts noted that Mi Browser collects a large amount of user information unnecessarily and without requesting express permission from users, in addition to Xiaomi sending an encrypted SMS from the user’s device when registering for its suite of cloud services, which they consider a potential risk of leakage of confidential data.

Regarding the Huawei P40, experts believe that it is not recommended that Huawei App Gallery redirect users to third-party repositories, as these platforms are plagued by malicious developers looking to infiltrate vulnerable devices.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.