Nokia recently got itself embroiled in data breach controversy for supposedly collecting and sending user data to China by mistake.

The Finnish smartphone maker has already denied rumors that its Nokia 7 Plus or any other handsets were sending personal data to a third party.

However, it is important to understand how talks about the potential data breach started and what really happened.

Nokia Phones Data Breach Controversy

News about the data breach first broke after several Nokia 7 Plus users noticed usual operational behavior from their smartphones, according to website NRK Beta.

A Norwegian user by the name of Henrik Austad observed the traffic on his Nokia phone and found that it would often contact an overseas server and send unencrypted data packets to it.

Each time the smartphone was turned on, Austad said the device would supposedly send his phone's serial number, his SIM card number, and even his current geographical position to a server somewhere in China.

However, HMD Global, the owner of the Nokia brand, clarified that no such data transfer involving Nokia 7 Plus has occurred. The company clarified that it was more of an error in the packing process of smartphones' software.

"We have looked deeply into the case at hand and can confirm that no personally identifiable information has been shared with any third party," HMD Global wrote in its statement.

"We have analysed the case at hand and have found that our device activation client meant for our China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones."

The smartphone maker said it has already issued a fix for the problem for all affected Nokia handsets.

Why Nokia Needs To Collect Data

For people who want to know why Nokia even had to collect data in the first place, HMD Global offered two main reasons:

First is to activate the device warranty. Nokia needs to collect data from its phones to help activate their device warranty. Whenever a user starts up his smartphone for the first time, the handset would contact Nokia's server and send its data to it.

Second is to improve user satisfaction. Nokia also offers users a chance to take part in its User Experience Program. Owners would be asked to send in their phone's diagnostics data, as well as their feedback on how satisfied they are of their device. These would help Nokia improve its products and services further.

All data collected by Nokia through its devices outside of China are sent to HMD Global's servers located in Singapore. The company said the facility is powered by Amazon Web Services and follows strict privacy laws and GDPR guidelines.

Meanwhile, data from Nokia handsets in China are sent to local servers in the country. HMD Global said this is in compliance with China's own Cyber Security Law.

China's Cyber Security Law

The Chinese government requires smartphone makers to collect data from all devices in China and sent them to a server in the country. This means that every time a user in China turns on their phone, their location and information are sent to the state through hardware tracking.

Some observers believe this policy was set in place in order for the government to keep an eye on its people.

Since Nokia is one of the smartphone brands available in China, HMD Global is required to develop their phone's OS to have this same feature. Otherwise, the company will not be able to sell any of its products in the large Chinese market.

This would help explain why the Nokia 7 Plus smartphones in Norway that had the Chinese activation client by mistake tried to contact HMD Global's servers in China.

ⓒ 2021 All rights reserved. Do not reproduce without permission.