German cybersecurity firm Nitrokey has recently published a report revealing an undisclosed feature in Qualcomm Snapdragon chips that collects and transmits user data directly to Qualcomm's servers. This feature operates independently of the Android operating system, meaning that data can be transmitted without the operating system's involvement. Nitrokey conducted tests using the Google-free version of Android on a Sony Xperia XA2 phone fitted with a Qualcomm Snapdragon 630 chip, and discovered that data was being transmitted to the izatcloud.net server, which is owned by Qualcomm. The report stated that Qualcomm chips collect and transmit a wide range of user information, including device manufacturer and model, chip serial number, XTRA software version, a list of programs on the device, mobile network code and mobile country code, unique smartphone identifier, IP addresses, and other data. This feature affects around 30% of mobile phones globally, including Android phones and iPhones that utilize Qualcomm communication modules.
According to the report, the data is transmitted via an insecure HTTP protocol without additional encryption, making it easily accessible to anyone who can read the unique identifier data transmitted to Izat Cloud. Nitrokey concluded in the blog post that Qualcomm's customized AMSS firmware takes precedence over any operating system, and a unique device signature can be generated based on collected data that can be accessed by third parties. Qualcomm responded to the report by stating that data transmission complies with the XTRA service's privacy policy, which permits the collection of such user data. However, the fact that data is transmitted via an insecure HTTP protocol has raised concerns about the privacy and security of user information.
This report highlights the importance of secure transmission of user data in compliance with privacy policies. It also underscores the need for greater transparency from technology companies regarding the data they collect and how it is used. As more devices become connected and collect more data, it is important that users are aware of how their information is being used and have control over it. Google's latest update for developers requires all Android apps to include a feature allowing users to delete their accounts and data, indicating an increased emphasis on user privacy.
Please support me the Curator and my Witnesser.
Jesta
roelandp
good-karma
timcliff
isnochys
busy.witness
curie
nxtblg
originalworks
Thank you for visiting and reading my post, do not forget to UPVOTE, COMMENT, and RESTEEM yes steemian ...