How does a company like Nokia or OnePlus ‘mistakenly’ collect user dat…

How does a company like Nokia or OnePlus ‘mistakenly’ collect user data and ship it off to a server in China?


View on Reddit by i_post_tech_articles

16 thoughts on “How does a company like Nokia or OnePlus ‘mistakenly’ collect user dat…”

  1. As a software developer, I can tell you software development is a shit show. It’s nonstop corner cutting, in a desperate attempt to keep up with business demands.

    And generally speaking management is totally incompetent. Quite often if management just stopped showing up to work, the product would rapidly improve. They are people who want to “advance” in their careers, generally they have no management expertise whatsoever.

    It’s a mess. It’s a wonder anything works at all.

  2. Due to Chinese laws, smartphones sold in China often have a different OS image on them, which may include tracking and sending data to Chinese servers.

    Looks like Nokia by mistake flashed Chinese software onto phones meant for the western market.

  3. We don’t need to assume malice on Nokia/OnePlus’s part here, just carelessness.

    When you’re writing software, it is impractical to write everything from scratch – think of the sheer number of things your phone can do. Programmers typically resort to using third-party libraries for some, if not most of the phone’s software. Depending on the way licensing works, the phone manufacturer may or may not have access to the library’s source, which makes auditing code more difficult than it ought to be.

    It is unfortunately pretty common to compromise third-party libraries. See https://blog.autsoft.hu/a-confusing-dependency/ for a recent example in Android-land.

  4. > But if things like backdoors and secret data transmissions happen more than once — I’m looking at you, BLU — these companies need to be branded with a scarlet letter and shunned. I’d still buy a Nokia-branded or OnePlus phone, because things were handled correctly and quickly once the problems were found.

    Wait, what? OnePlus was caught transmitting personal data **and** having backdoors in their phone – in two separate incidents. The author’s own logic states that OnePlus should be shunned, yet he is still willing to use the brand?

  5. Everyone is pissed off (as they should) for a phone model sending data to a Chinese server.

    Why does nobody care when every Android phone sends information to Google servers on average 91 times per hour? It seems about the same thing to me.

  6. Do some people just accept that Nokia doesn’t do a random QC for every batch if they have the correct firmware and software?

    It’s okay if there are bugs but flashing the incorrect firmware / software?

  7. As many people commented earlier, modern software is basically a huge tower of dependencies. There was a similar thing a while back where one particular package on NPM was compromised with some malicious code and was then found out, but because the piece of code was listed as a dependency in a lot of other packages, all those packages got compromised and the chain continues. This is the reality of software today.

    Even if the devs are fully aware and are doing the best they can going through everything with a fine toothed brush, it’s really easy to miss stuff like this. This was the case for that NPM package which was up and doing malicious things for a while before someone noticed that something weird’s happening and the offending code came from some obscure package in their tower of dependencies.

    It turns out that the offending package is a bitcoin theft code and the actual payload is encrypted by the parent package’s name and the package that was able to decrypt the code and execute it is a bitcoin wallet management package.

    It sucks that shit like this happens but we live in a world where it’s impossible to build anything software-wise without using someone else’s code and the bigger the project, the more opportunities there are for one bad actor or even just one lazy bum in the sea of nice and diligent people to ruin things for everyone.

  8. Makes me want to sell my OnePlus. At this point, I feel like my only options are trying out Samsung’s ecosystem or dealing with Google’s bullshit and going back to the Pixel in a year or two. The Razer Phone was appealing, but now it sounds like the line’s future is uncertain. I thought OnePlus would be our savior, but no.
