An alarming post titled ‘Chinese Spyware Pre-Installed on All Samsung Phones (& Tablets)’ went up on Reddit on January 6 this year, claiming that a pre-installed function on the Korean tech company’s devices 'communicates with Chinese servers'.
While the post said that it was not in any way made to slander Samsung, it generated a lot of buzz. This is because data breaches are becoming very regular and customers are becoming more sensitive. In India alone, a survey by Forcepoint and Frost & Sullivan found that 69% of organizations in the country are at risk of a data breach.
Globally, companies are losing billions over security leaks and more so to the customer dissatisfaction that these leaks generate. HP's discussion on the ‘Future of Cybersecurity’ reveals that the cost of cybersecurity measures will cross the $10 billion threshold by 2027. With companies like Samsung that operate globally, rumours like this could impact their sales.
So, is your Samsung phone sending data to China? The answer is yes, but it’s probably less alarming than you might think.
Device Care and 360
The problem stems from a built-in application called Samsung Device Care. It’s an app pre-installed in the Samsung One UI for Android 10 implementation, and therefore one that cannot be removed. One of the key functions of this app is scanning storage and optimizing for space or battery use. The author of the Reddit post, however, found that this function – after using a pocket analysis tool – is sending some form of data to Chinese domains.
One domain that stood out was 360 [dot] com, owned by Samsung’s partner in Device Care named Qihoo 360. Aside from the shady misdealing that the author raises, the security company has made headlines in the past because of its compliance with China’s censorship directives.
Although the author admits that they cannot see which information was being sent to China, alarms were still raised given the reputation of the company.
The China Factor
According to Samsung, however, there’s nothing to be alarmed about. The company has since issued a statement saying that Qihoo 360 only sends pertinent data including the OS version, phone model, and storage capacity, among others, which helps in optimizing the phone. Samsung also highlights that 360 handles your phone’s junk library but only stores them locally.
While this is assuring in a way, some users still think Samsung should take its business away from Chinese contractors. The tech company has closed its entire phone manufacturing operations in China after economic indicators showed that India, Vietnam, and Brazil are better options. However, Samsung still has numerous contracts with Chinese companies for its software use, like Qihoo 360.
The Chinese government and local companies have been notorious for having loose data privacy standards and intrusive data collection regimens in the past. In the smartphone industry, Chinese flagships Huawei and Xiaomi among others have all been accused of installing spyware codes and applications in their phones. Major security flaws were also found on Chinese app Tiktok which some are calling 'a national security threat' to Americans.
While this whole Samsung issue might be put to bed, it’s in a way, reminiscent of the on-going US-China trade war tensions – something experts predict will continue in 2020.