Nokia-branded phones sent personal data from Norway to China

Norwegian media is reporting that private data of Nokia 7 Plus users may have been sent to a server in China for months. Finland’s data protection ombudsman will investigate and may escalate the case to the EU.

Henrik Austad, a Nokia 7 Plus user in Norway, alerted the Norwegian public media group NRK in February when he noticed every time he powered on his phone it would ping a server in China and batches of data would be sent. The data included the phone’s IMEI numbers, SIM card numbers, the cell ID of the base station the phone is connected to, and its network address (the MAC address), and they have been sent unencrypted. Investigation by NRK discovered that the recipient of the data is a domain (“http://zzhc.vnet.cn”) belonging to China Telecom.

Nokia 7 Plus pinging China server

Because HMD Global, the company behind the Nokia-branded phones that was set up by former Nokia executives and has licensed the Nokia brand, is a Finland-registered company, the news was quickly brought to the attention of Reijo Aarnio, Finland’s data protection ombudsman . “We started the investigation after receiving the news from the Norwegian Broadcasting Company (NRK) and I also consulted our IT experts. The findings showed this looks rather bad,” Aarnio said.

When talking to the Finnish state broadcaster YLE and the country’s biggest broadsheet newspaper Helsingin Sanomat (HS), the ombudsman also raised a couple of serious concerns he said he would seek clarifications from HMD Global early next week:

  • Are the users aware that their personal data are being transferred to China?
  • On what legal ground, if any, are personal data transferred outside of the EU?
  • Have corrective actions been taken to prevent similar cases from happening again?

Earlier when writing to NRK, Aarnio said his first thought was this could be a breach of GDPR, and, if true, the case would be brought in front of the European Union. (Although Norway is not a EU member state, Iceland, Liechtenstein, and Norway, the three EEA countries which are not part of the EU, agreed to accept GDPR two months after it came into effect in the EU.)

Replying to Telecoms.com’s enquiry, HMD Global, through its PR agency, sent this statement:

We can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed and no person could have been identified based on this data. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it.

Collecting one-time device activation data when the phone is taken first time into use is an industry practice and allows manufacturers to activate phone warranty. HMD Global takes the security and privacy of its consumers seriously.

Jarkko Saarimäki, Director Finland’s National Cyber Security Centre (Kyberturvallisuuskeskus), which offered to support the ombudsman if needed, raised another point while talking to YLE, “In cases of this kind, the company should report the case to the Office of the Data Protection Ombudsman (tietosuojavaltuutetun toimisto) and inform the customers of the data security risk.” It looks what HMD Global has done is exactly the opposite: it quietly fixed the issue with a software update.

What exactly happened remains unclear, but the investigation from NRK may shed some light. Further research into the data transfer took NRK investigators to GitHub, where they discovered a set of code that would generate data transmission similar to that on the Nokia 7 Plus in question, and to the same destination. This code resides in a subfolder called “China Telecom”. On the same level there are also subfolders for China Mobile, China Unicom as well as other folders for different purposes. Henrik Lied, the NRK journalist who first reported the case, shared with Telecoms.com this subfolder structure that he captured on GitHub:

GitHub snapshot

Closer analyses of the code in question on GitHub by Telecoms.com seem to have given us a bit more insight. This is what we assume has happened: HMD Global or its ODM partner sourced the code from a developer by the GitHub username of “bcyj” to transfer user data when a phone on China Telecom network is started. But, by mistake, HMD Global has loaded this set of code on a number of Nokia 7 Plus meant for Norway (“our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus”). When it realised the mistake by whatever means HMD Global released a software update to overwrite this code.

Incidentally it looks the code was originally written for a Chinese OEM LeEco (which is largely defunct now) whose product, e.g. the Le Max 2, was running on the Snapdragon 820 platform with the MSM8996 modem. The modem was later incorporated in the mid-tier platform Snapdragon 660 which powers the Nokia 7 Plus.

There are still quite a few questions HMD Global’s statement does not answer.

  • How many users have been affected? And in what countries? The award-winning Nokia 7 Plus is one of the more popular models from HMD Global, and it is highly unlikely a batch of products were specifically made for the Norwegian market with its limited size. Could the same products have been shipped to other Northern European markets too?
  • Is China Telecom the only operator in China that requires phones on its network to be equipped with a software that regularly sends personal data? We do not find similar programmes under the China Mobile or China Unicom subfolders on the same GitHub location.
  • Is HMD Global the only culprit? Or other OEMs’ products on China Telecom network and on the same Qualcomm modem are also running the same script every time the phone is powered on, but they have not made the same mistake by mixing up regional variants as HMD Global did?
  • On what ground could HMD Global claim that the recipients of the data or any other parties who have access to the data (as they are sent unencrypted), will not be able to identify the individuals (“no person could have been identified based on this data”)? To defend itself, in its statement to NRK, HMD Global referred to the Patrick Breyer vs Bundesrepublik Deutschland case when the Court of Justice of the European Union (CJEU) ruled that whether a certain type of data would qualify as “personal data” should generally need to be assessed based on a “subjective / relative approach”. In the present case HMD Global seems to be arguing that the recipients of the data sent from the phones are not able to establish the identities of the users. It may have its point as China Telecom (or other identities in China that receive the data) does not have the identity information of the users. However, this is a weak defence. The CJEU sided with the German Federal Court of Justice because the point of dispute was dynamic IP only, and the court deemed “that dynamic IP addresses collected by an online media service provider only constitute personal data if the possibility to combine the address with data necessary to identify the user of a website held by a third party (i.e. user’s internet service provider) constitutes a mean “likely reasonably to be used to identify” the individual”, as was summarised by the legal experts Fabian Niemann and Lennart Schüßler. In the HMD Global case, however, a full set of private data were transmitted, not to mention transmitted unencrypted.
  • On what evidence did HMD Global claim that the data transmitted has not been processed or shared with third parties?

To be fair to HMD Global, this is not the first, and by no means the biggest data leaking incident by communication products. For example the IT and communication system at the African Union headquarters, supplied and installed by Huawei, was sending data every night from Addis Ababa to Shanghai for over four years before it was uncovered by accident. Huawei’s founder later claimed that the data leaking “had nothing to do with Huawei”, though it was not clear whether he was denying that Huawei was aware of it or claiming Huawei was not playing an active role in it.

Qualcomm lands roundhouse in Apple legal battle

The on-going legal battle between Qualcomm and Apple has taken a twist as the US District Court for the Southern District of California has ruled in favour of Qualcomm.

The court has decided Apple’s iPhone 7, 7 Plus, 8, 8 Plus and X infringe two Qualcomm patents, while the iPhone 8, 8 Plus and X devices infringe on a third. As a result, the jury has awarded Qualcomm $31 million in damages.

“Today’s unanimous jury verdict is the latest victory in our worldwide patent litigation directed at holding Apple accountable for using our valuable technologies without paying for them,” said Don Rosenberg, General Counsel for Qualcomm.

“The technologies invented by Qualcomm and others are what made it possible for Apple to enter the market and become so successful so quickly. The three patents found to be infringed in this case represent just a small fraction of Qualcomm’s valuable portfolio of tens of thousands of patents. We are gratified that courts all over the world are rejecting Apple’s strategy of refusing to pay for the use of our IP.”

The three patents support different functions on iPhones, all of which has become normalised features of the devices. Patent No. 8,838,949 enables ‘flashless booting’, removing the need for a separate flash memory and allowing smartphones to connect to the internet quicker after being turned on. Patent No. 9,535,490 speeds up internet connections. Finally, Patent No. 8,633,936 enables high performance and rich visual graphics for games, while also increasing battery efficiency.

The $31 million bill will actually mean very little to Apple. Looking at the iLeader’s 2018 full year results, it would take just under 62 minutes Apple to generate revenues to cover the $31 million, though it does set precedent around the world.

Alongside this ruling in San Diego, courts in China and Germany has also ruled Apple has infringed Qualcomm patents, questioning whether Apple is legally allowed to continue sales not only in these countries, but other territories around the world. In Germany, Apple has been barred from selling any iPhone 7 and 8 models, while in China all devices from the iPhone 6 to the iPhone X have also been banned from sale.

The legal battle between two of the digital economy’s heavyweights has been dragging on for some time now, but this round has been undeniably chalked up to Qualcomm.

Apple will struggle with 5G for years – analyst

Not only will Apple lag its competitors by at least a year in launching a 5G phone, it might still suck anyway according to a semiconductor analyst.

Bloomberg apparently got hold of a research note from Matthew Ramsay, who heads up the TMT semiconductor business at Cowen. He seems to reckon Apple has boxed itself into a corner by ditching Qualcomm as a 5G modem supplier and is now seriously short of good options in that area. He also expressed surprised that Apple has allowed this situation to develop.

Ramsay detailed four main options for Apple for 5G, but he doesn’t think any of them are great. The first is what is generally assumed: that Apple will launch 18 months behind the competition with an Intel 5G modem that is expected to be inferior and not even support mmWave. The recent MWC show saw the first 5G phones launched but Apple tends to announce new iPhones in September, hence the big lag.

Rubbish option number two is to see if anyone else can help Apple out on the modem side of things. But Huawei is off the table due to all the aggro it’s getting from the US and Samsung would be likely to ruthlessly exploit its overwhelmingly strong bargaining position, since it’s another of the long list of companies Apple is on frosty terms with. Other than that there’s Taiwanese MediaTek, but Ramsay seems to think it’s even further behind than Intel.

A third, highly implausible, option would be for Apple and Qualcomm to kiss and make up. Not only does there seem to have been too many things said that can’t be unsaid in their bitter legal dispute, but that would be an utter humiliation for Apple and surely Qualcomm wouldn’t be able to resist imposing punitive terms. Having said that, sometimes pragmatism and enlightened self-interest prevail, but we would be amazed if they did in this case.

The last option would be for Apple to buy Intel’s modem business from it in order to accelerate the development process. This would be expensive but Apple can certainly afford it. There is, however, no guarantee Apple would improve on Intel’s efforts since modems are hardly a core competence. It’s even less likely that Apple would be able to make a material improvement in the next year or two.

A fifth option not posited by Ramsay would be for an even longer delay in bringing a 5G phone to market. Apple is brilliant at marketing and could easily throw resources at belittling 5G in the short term to downplay the significance of its absence from that market. That argument would certainly find some sympathy from us in the short term, but it would surely start to wear thin before long.

Xiaomi brought an old phone to Barcelona but added 5G to it

Xiaomi used Mobile World Congress 2019 to launch a 5G version of its Mi Mix 3 smartphone. The product will be available in the markets by May 2019.

Under the banner of “We Make It Happen” and billed as its first Mobile World Congress product launch (despite that it took place one day before MWC started), Xiaomi introduced the Mi Mix 3 5G version. The original 4G version of the phablet / super-sized phone was launched in October 2018. The new 5G reincarnation is powered by Qualcomm’s Snapdragon 855 equipped with the new X50 5G modem.

“Xiaomi has spent tremendous efforts developing a 5G smartphone solution and Mi MIX 3 5G represents Xiaomi’s quest to create innovative products for everyone,” said Wang Xiang, Senior Vice President of Xiaomi. “We are also delighted and honoured to be working with our partners to make 5G a reality for even more users all over the world.”

By partners on this particular occasion he definitely included Qualcomm and Orange, both of which endorsed the product launched. Cristiano Amon, President of Qualcomm Incorporated, shared the stage at the event. “We are thrilled to continue our long-standing collaboration with Xiaomi to help bring deliver unprecedented 5G speeds and transformative user experiences to consumers through their latest flagship smartphone, Mi MIX 3 5G,” he said.

Then a live 5G video call on the Mi Mix 3 5G was made on stage with an off-site Orange Spain executive, using Orange network. This may look commonplace nowadays, but it made history for Xiaomi: it was Xiaomi’s first 5G video call outside of China, the company claimed. It did not let go the opportunity without a subtle poke on AT&T either. When pointing at the on-screen 5G symbol, the Xiaomi product development director stressed this is real 5G, “not fake 5G”.

With the exception of 5G, all the other features and specs of Mi Mix 3 5G are the same as its 4G predecessor. The 5G version will be available in May and is priced at 599€.

Xiaomi Mi Mix 3 launch Feb 2019

Also introduced at the event is Mi 9, its new flagship smartphone launched in China a few days ago. Xiaomi spent a fair amount of time promoting the triple-camera, especially the AI performance to support different picture taking scenarios. Also being highlighted was Mi 9’s full-curved back cover, which it claimed to be inspired by the works of Antoni Gaudí, much to the delight of the local audience.

The Mi 9 is priced at 449€ for the 64GB version, and 499€ for the 128GB version. It is open to pre-order from today in Spain, France, and Italy.

The new product launches are packaged as steps taken to carry out the company’s “dual-core strategy” of Smartphone+AIoT that Xiaomi’s founder launched recently. Xiaomi’s executive threw in quite a few impressive numbers as proofs. For example, the number of monthly active users of MIUI (Xiaomi’s skin on top of Android) has reached 224 million; more than 2,000 products have been brought to the market by over 200 companies in the Xiaomi ecosystem; there are 132 million activated Xiaomi consumer IoT products, which has made it the world’s largest consumer IoT company.

It is also collaborating with IKEA and Philips to popularise smart homes and smart lighting. To make the point, Xiaomi’s executive went into a demo home environment on stage, attempting to switch off the smart air purifier with Google Assistant voice command. He did not quite pull it off. The air purifier refused to switch off, twice. Then he gave up.

Qualcomm upgrades its 5G modem

Mobile chip maker Qualcomm has unveiled its big MWC news early, in the form of the X55 5G modem, which is five better than its predecessor.

The new modem supports both flavours of 5G as well as all the older Gs and all the spectrum bands you could possibly want. It’s manufactured on a 7nm process and promises download speeds of 7 Gbps and 3 Gbps uploads speeds. The previous X50 modem only managed a mere 4 Gbps. Even the Cat 22 LTE part manages 2.5 Gbps download.

“With significant evolution in capabilities and performance, our second generation commercial 5G modem is a true testament to the maturity and leadership of our 5G technology,” said Qualcomm President Cristiano Amon. “We expect our 5G platform to accelerate 5G commercial momentum and power virtually all 5G launches in 2019 while significantly expanding the global 5G rollout footprint.”

That ‘virtually all 5G launches’ claim could be challenged in as little as a week. We may well see some 5G handset launches at Mobile World Congress and one of the biggest smartphone vendors – Huawei – has already launched its own 5G modem. Apple doesn’t bother with MWC but has indicated it would sooner make a bonfire out of iPhones then even be in the same room as Qualcomm.

Seeking modem autonomy is perfectly understandable but Qualcomm reckons it’s pretty far ahead of the chasing pack when it comes to the tech. Huawei’s speed claims don’t seem too far off Qualcomm’s but it’s not yet known how they compare when it comes to size, power efficiency, etc. And apart from Huawei and Apple Qualcomm will probably own the rest of the 5G market.

Snapdragon X55 claims to be the first announced modem to support 100 MHz envelope tracking technology, and adaptive antenna tuning for 5G sub-6 GHz, designed for power-efficient connectivity. Qualcomm can also presumably offer it integrated into the Snapdragon 855 SoC and thus cater to all your mobile chip needs. Here’s a vid.

 

Apple steps up in-house modem efforts – report

Its dispute with Qualcomm seems to have pushed Apple towards developing its own modem in-house so it no longer has to rely on external suppliers.

Apple has been making its own application processors for years thanks to the ARM IP licensing business model and the acquisition of PA Semi not long after the iPhone was launched. Making a competitive modem is a much trickier proposition, however, which is why Apple continued to pay Qualcomm for the job however deeply it resented doing so.

Following the collapse in relations between them it looked like Apple was going to turn to Intel for all its modem needs, but a report from Reuters would seem to indicate that’s not the long term plan for Apple, and that it would rather have full control over its modem destiny.

Apparently Apple has now shifted its modem silo from the supply chain unit to the hardware design one. Accordingly Johny Srouji, who heads up the hardware side of things at Apple, will now also have to deal with this future modem. This especially makes sense since Srouji, who worked at Intel for a while, was brought in in 2008 to head up the in-house SoC side of things.

The benefits of doing as much manufacturing in-house are clear, especially for products as integrated as Apple ones, but Qualcomm has a clear lead when it comes to modem design. What if the future Apple modem is an order of magnitude slower than Qualcomm – what kind of effect might that have on iPhone sales? We’ll probably find out in a few years.

Q4 2018 earnings roundup: Facebook, Qualcomm and Microsoft

It’s that time of the quarter when all the earnings announcements come at once, so here’s a brief look at three US tech heavy-hitters.

Facebook is never too far from the headlines, but this is attention investors won’t be too disappointed in receiving. Facebook’s quarterly figures suggest that while the world might disagree with its ethics, morals and basic decency, we just can’t stop telling people about the snow or posting pictures of a deconstructed Shoreditch coffee.

Over the last three months, total revenues stood at $16.9 billion, a 30% year-on-year jump, while net income jumped 61% to $6.8 billion. We might not trust Facebook, but we can’t stop using it.

Daily Active Users were 1.52 billion on average for December 2018, an increase of 9% year-over-year, while Monthly Active Users were 2.32 billion as of December 31, another 9% increase. Facebook estimates 2.7 billion people now use Facebook, Instagram, WhatsApp, or Messenger, while 2 billion use at least one of the services once a day.

“Going into 2019, we’re focused on four priorities: first, continue making progress on the major social issues facing the Internet and our company; second, build new experiences that meaningfully improve people’s lives today and set the stage for even bigger improvements in the future; third, keep building our business by supporting the millions of businesses, mostly small businesses, that rely on our services to grow and create jobs; then fourth, communicate more transparently about what we’re doing and the role our services play in the world. And I want to take a minute talk about each of these,” CEO Mark Zuckerberg said during the earnings call.

Qualcomm is another company which is never too far away from the headlines, but for quite different reasons.

The last quarter proved to be another which saw the legal battle with Apple take another incremental step forward, but this does not seem to have weighed too heavily on the business. Over the last three months, the chipmaker beat market expectations and signed a new interim patent contract with Huawei Technologies.

The deal with Huawei is perhaps an important one as it lessons the strain placed on the over-worked Qualcomm legal team. Under the new deal, Huawei will pay $150 million per quarter for three quarters, providing a bit of breathing room as the pair look to rectify a licensing dispute. Qualcomm believes this is less than it is owed but indicated this is progress.

In terms of the figures, the last quarter brought in $4.8 billion, a decline of 20% year-on-year, though net income stood at $1.1 billion. Forecasts for the next quarter see the company offering a range of $4.4 billion and $5.2 billion, meeting analysts’ estimate of $4.80 billion, with the market reacting positively to the news. Revenues might be down, but there is a lot of potential on the horizon.

Finally, onto Microsoft, the only one of this trio which seems to have a positive reputation across the wold.

Satya Nadella might not be the most rock n’ roll CEO on the technology scene right now, but you certainly can’t argue with the results he delivers. Microsoft had another positive three-month period, with the Intelligent Cloud business claiming the plaudits.

“Our strong commercial cloud results reflect our deep and growing partnerships with leading companies in every industry including retail, financial services, and healthcare,” said Nadella. “We are delivering differentiated value across the cloud and edge as we work to earn customer trust every day.”

Total revenues increased 12% to $32.5 billion, while the boost to operating income was 18% as the bean counters revelled in $10.3 billion. Looking at the individual business units, revenues in Productivity and Business Processes was $10.1 billion, up 13% year-on-year, Intelligent Cloud jumped 20% to $9.4 billion and More Personal Computing was up 7% to $13 billion.

You might not want to go clubbing with Nadella, but if he carries on this trajectory he’ll never have to buy a drink again.

Qualcomm’s business model hangs in the balance as FTC case concludes

The US Federal Trade Commission accused Qualcomm of abusing a monopoly two years ago. Now a judge is set to decide if it was right to do so.

The original accusations coincided almost exactly with the commencement of hostilities between Qualcomm and Apple, with the latter saying the former was getting away with overcharging for its mobile chips thanks to having a monopoly in that market. The FTC case pretty much echoed that claim, with accusations of FRAND patent abuse thrown in for good measure.

It apparently takes a couple of years for this sort of thing to play out and the respective parties delivered their closing arguments recently. The FTC doesn’t seem to have made a formal announcement on the matter but credit to Cnet which has actually done some old fashioned reporting and sent someone into the court room.

Here’s the Cnet report from 15 Jan, which covers the FTC side of the case. The core of it seems to be that forcing companies who want to buy its chips to also take out patent licenses is wrong. It also claims that this process prevents other chip makers coming into the market and thus harms competition. Unsurprisingly a couple of Apple execs turned up to support the FTC case.

Among the FTC’s closing arguments is the warning that, if Qualcomm isn’t stopped, it will abuse the 5G market as it has previous once. But Apple’s own shift from Qualcomm to Intel chips would appear to contradict that assumption, as does Huawei’s recent launch of a 5G modem. These are also unhelpful in its bid to claim Qualcomm has a monopoly.

“The FTC hasn’t come close to meeting its burden of proof in this case,” said Qualcomm General Counsel Don Rosenberg in a press announcement. “All real-world evidence presented at trial showed how Qualcomm’s years of R&D and innovation fostered competition, and growth for the entire mobile economy to the benefit of consumers around the world.

“Our licensing rates – which were set long before we had a chip business, and revalidated time and again – fairly and accurately reflect the value of our patent portfolio. Qualcomm’s technology has been the foundation of a thriving, competitive industry.”

Now Judge Lucy Koh, who’s a veteran of this sort of thing, needs to weigh up all the evidence and arguments, and make a call one way or the other. The stakes are pretty high for Qualcomm as a decision against it would effectively be a decision against a big part of its business model. Expect Qualcomm’s share price react strongly either way when the decision is announced, which Koh warned might take a while.