German security company Nitrokey recently released a report claiming that it has discovered an unrecorded feature in Qualcomm Snapdragon chips that collects and transmits user information directly to Qualcomm servers.
The feature is not dependent on the Android operating system, which means that the data is transmitted even if the operating system is not involved. Nitrokey installed a Google-free version of Android on a Sony Xperia XA2 phone equipped with a Qualcomm Snapdragon 630 chip and found that the data was being transmitted to the izatcloud.net server, which belongs to Qualcomm.
According to the report, Qualcomm chips collect and transmit user information, including the unique smartphone identifier, chip name, chip serial number, XTRA software version, mobile country code and mobile network code, type, and version of the carrier or operating system, device manufacturer and model, program list on the device, IP address, and other data. The data is transmitted via the insecure HTTP protocol without any additional encryption, making it accessible to virtually anyone who can read the unique identifier data sent to Izat Cloud.
Unencrypted data transmission from Qualcomm chips
This feature affects approximately 30% of phones worldwide, including Android phones and iPhones that use Qualcomm communication modules. Nitrokey’s conclusion in the blog post is that Qualcomm’s customized AMSS firmware takes priority over any operating system and, because it uses the HTTP protocol, a unique device signature can be created based on the collected data, which can be accessed by third parties.
Qualcomm responded to the report, stating that the data transmission is in compliance with the privacy policy of the XTRA service, which actually allows the company to collect the aforementioned user data. However, the fact that the data is transmitted via the insecure HTTP protocol has raised concerns about the privacy and security of user information.
This report highlights the importance of ensuring that user data is transmitted securely and in compliance with privacy policies. It also underscores the need for greater transparency from tech companies regarding the data they collect and how it is used. As more devices become connected and collect more data, it is important that users are aware of how their information is being used and have the ability to control it. Google’s recent update for developers mandates that all Android apps must now include a feature allowing users to delete their accounts and data, reflecting the increasing focus on user privacy.
RELATED:
- Snapdragon 8 Gen 3 tipped to feature 3.7GHz frequency boost and new architecture
- Qualcomm’s new upscaling tech will potentially boost Android games to 4K 60fps
- Qualcomm confirms the chip underneath the Poco F5
- Honor Magic5 Pro vs Huawei P60: Specs Comparison
