The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei’s P40 5G, Xiaomi’s Mi 10T 5G, and OnePlus’ 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC’s security audit.
The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications.
The OnePlus 8T 5G—arguably the best-known and most widely marketed phone of the three—was the only one to escape the NCSC’s scrutiny without any red flags raised.
Xiaomi Mi 10T 5G
Xiaomi’s Mi 10T 5G ships with a nonstandard browser called “Mi Browser.” The NCSC found two components in Mi Browser which it didn’t like—Google Analytics, and a less familiar module called Sensor Data.
The Google Analytics module in Mi Browser can read from the device’s browsing and search history and can then send that data to Xiaomi servers for unspecified analysis and use. The Google Analytics module is activated automatically by default during the phone’s first activation or after any factory reset.
The NCSC found that the Sensor Data module collects statistics on 61 parameters related to application…