Lithuanian, other MEPs turn to EC over security of Chinese smartphones

VILNIUS – A group of MEPs from Lithuania and other countries have turned to the European Commission over the security of Chinese smartphones, asking for the protection of consumers' privacy.

Initiated by Lithuanian MEP Rasa Jukneviciene, the letter to European Commission President Ursula von der Leyen and Vice-President of the European Commission Thierry Breton has been signed by over 30 MEPs from different political groups, including Lithuanian representatives Andrius Kubilius, Ausra Maldeikiene and Juozas Olekas.

In the letter, the MEPs are calling on the Commission "to take appropriate action to safeguard the privacy of mobile users and the freedom of the information space in Europe".

Moreover, the letter cites the Lithuanian National Cyber Security Centre's report published in September and highlighting security, privacy and free speech concerns associated with the use of smartphones produced by Chinese manufacturers Xiaomi and Huawei.

"A technical assessment of recent 5G enabled models has revealed features that collect and transfer excessive personal information, expose users to cybersecurity risks and malware, and automatically censor downloaded content if it is not in line with Beijing’s policy at home and abroad," the letter reads.

The findings complement prior data that identifies dozens of vulnerabilities across older generation Xiaomi and Huawei devices. In response to the study, Lithuania's Ministry of National Defense has officially called for caution when using Xiaomi and Huawei smartphones analyzed in the report, the MEPs' letter says.

It also pays attention to the fact that EU and its member states have already largely acknowledged the cybersecurity and privacy risks associated with China’s investment in critical infrastructure across the EU and in the rollout of 5G technology in particular.

The letter underlines that "there are increasing concerns over cyber espionage in Europe", noting that a series of cyber-attacks in France in August were linked to hackers close to Beijing.

"China's disinformation, academic censorship, and political interference through social networks and media organizations are growing sources of concern across Europe and in its immediate neighborhood," the letter reads. 

"In light of this, we urge the Commission to step up the cooperation at the EU level and to set common standards and approach for the use of unreliable information and communication technologies that take into account technological risks and national security considerations."

HUAWEI INSISTS IT ENSURES DATA SECURITY

Mindaugas Plukys, corporate communications manager for the Baltics at Huawei Technologies, says Huawei always complies with the laws of the countries in which it operates and considers cybersecurity and privacy protection a top priority.

Huawei has a strong cybersecurity record in more than 170 countries and regions and serves over 3 billion users, according to Plukys.

"User data is never processed outside the Huawei device," he said in a comment on Wednesday. "Huawei is always transparent about the necessary data which it collects from its customers and which are used to enhance personalization and the user’s experience."

Plukys said AppGallery only collects and processes the data necessary to allow its customers to search, install and manage third-party apps, in the same way as other app stores available in the market. 

According to Plukys, Huawei performs a security check to make sure that users only download apps that are secure and work properly on their devices.

"We respect the laws of each country and region where we operate and take great care of our customers, partners and all the people who use our technology," he said.

"Huawei firmly believes that the security of our products and those of other manufacturers should be evaluated on a case-by-case basis, based on facts and without prejudice."

Having carried out an assessment of 5G smartphones made by Chinese manufacturers, Lithuania's National Cyber Security Centre said in late September that the assessment of a Xiaomi device had revealed a technical functionality that could censor the content of downloaded material. Several apps on the smartphone are periodically downloading a list of banned keywords from the manufacturer. If the content the user is downloading contains keywords from the list, it is automatically blocked.

At the time when the investigation was conducted, the list included 449 keywords and keyword combinations in Chinese characters, for example, free Tibet, America’s voice, democratic movement, Long Live the Democratic Taiwan, etc.

The investigation also attributed cybersecurity risks to Mi Browser, the web browser on Xiaomi-manufactured cell phones. It uses not only Google Analytics as other browsers but also Chinese Sensor Data, which collects and periodically sends out data on as many as 61 functionalities regarding user activities on the device.

The assessment of a Huawei 5G cell phone found that AppGallery, the official app store installed by the manufacturer, automatically redirects to their-party e-shops if it does not include what the user is looking for. Part of the apps offered in such e-shops are recognized by antivirus programs malware or infected.

Both Chinese companies have rejected the security allegations. Xiaomi has vowed to carry out an external investigation.