Chinese smartphone makers make up a massive proportion of the global market, with brands like Huawei, OnePlus and Honor finding widespread success even outside of China. While the majority of phones sold in the UK come from American or Korean brands - namely Apple, Google, LG and Samsung - an increasing number are coming from China, as these firms turn their attention towards the global market.
There have been plenty of positive headlines to mark this trend, commemorating Xiaomi opening its first London store, Huawei releasing their critically acclaimed Mate 20 Pro and the Oppo Find X defining the notchless display trend for 2019. However, there have also been some frankly worrying stories involving many of these same brands - including allegations from US intelligence officials that Huawei and other Chinese brands may be selling phones that can be used to spy on you, steal information or cause issues with telecommunications equipment. So: should we be afraid of Chinese smartphones? Are Chinese smartphones safe to use? Here’s what I think.
First of all, let’s cover the obvious. If you’re an international agent of mystery, work in a large multinational or have access to secure systems, you shouldn’t be using a standard phone to access critical data in the first place. Instead, you ought to be using a company handset that comes with security software preinstalled that should cover you from most issues.
If you don’t access any particularly sensitive data, then you’re probably not a target and shouldn’t worry too much about a Chinese smartphone activating one day and selling your personal secrets to the highest bidder. While Chinese phone makers might have a greater incentive to keep their government happy than phone makers in other nations, they’re still massively dependent on foreign sales and aren’t likely to completely sacrifice their reputation by spying on their users.
As ZDNet’s Jason Perlow opined on the subject:
“The US – and the western world as a whole – is China’s best customer next to its own domestic market. The country has zero desire to jeopardize this, regardless of its own national security interests… If it were discovered that China was, in fact, using consumer electronics exports to spy on American citizens and businesses en masse, the consequences would be utterly disastrous for it… it would be catastrophic for the country’s image and would throw the global consumer electronics industry into utter chaos.”
So does that mean that everything is fine? Not exactly. If Chinese firms do include backdoors - deliberate secret access points designed for use by phone makers or governments - in their smartphone software, as alleged by Bloomberg and others, then there’s always the potential that the vulnerability will be exploited by a malware author, or that the backdoor will be used for its intended purpose of disrupting communications, silently collecting personal information and so on. Of course, this kind of activity could be perpetrated by dodgy app developers, your non-Chinese smartphone maker or even your local government, so it might be worth following some simple procedures to ensure your data is managed as well as possible.
Firstly, VPN and proxy software like Tor can be used to encrypt your web activity, making it harder (but not impossible) for anyone to find out what sites you’re visiting, what internet searches you’re making and so on. There are also privacy-oriented search engines like DuckDuckGo that pledge not to collect personal data. You can also install apps like MalwareBytes to scan your apps for malware and make sure that nothing untoward is happening under your nose.
Recent versions of Android also alert you when an app tries to access your microphone, camera, phone or storage, so don’t blindly accept these prompts - think about the requests critically and deny the ones that don’t make sense, like a flashlight app needing access to your dialer. Along similar lines, try to exercise good judgment by not installing software by unknown developers, especially those distributed outside of the Google Play marketplace as .APK files.
Reading the news is also good practice. Sites like El Reg and /r/netsec on Reddit will often be the first to report potentially malicious apps or operating system vulnerabilities, so by keeping abreast of the headlines, you’ll be quicker to react to potential problems - and you’ll get a better idea of what you should be looking out for.
And finally, yes - choosing an American or Korean-made phone over a Chinese alternative may make you and your data a little safer. Samsung, Apple and BlackBerry all include relatively advanced security features in their phones and the first two aren’t Chinese companies. There are even distributions of Android that include more privacy features, like CopperheadOS and LineageOS, which can be worth looking into.
Unfortunately, even by following all of these steps, you’re not 100% safe from malicious foreign agents, including those based in China. Even if you never buy a Chinese phone, you will unquestionably interact with Chinese-made electronics and electronic components, possibly hundreds of times per day. That includes stuff like routers, fibre-optic networks, televisions, automobiles, computers, medical devices, airplanes and much more. Even if you somehow were able to avoid all of these potential targets, what about your friends and family who possess some of your personal information - will all of them be able to avoid potentially unsafe devices too? It seems unlikely.
Ultimately, you have to make peace with the fact that there is no such thing as absolute data privacy in the modern world - and if you want to change that, you’d be better off talking to your local government representative about data protection laws and supporting local smartphone companies instead of avoiding Chinese phones for the rest of your life.
What do you think? Do you own a Chinese phone or do you specifically avoid them? Let me know - it’s an interesting topic and I’m curious to hear your views. You can contact me on Twitter @wsjudd.