HMD Global assures that no sensitive data was sent
HMD Global got themselves in hot water a few days ago when it was discovered that a batch of Nokia 7 Plus phones was sending personal information to a Chinese server. While the affected units involved those sold in the Norwegian market, this sparked a cause for concern as personal information about the device, including GPS coordinates, SIM card number, and the devices serial number were sent unencrypted to a Chinese server.
Less than a day after the news broke, HMD delivered a statement on the issue and assured that no sensitive information was sent. They added that they made a mistake by using the wrong software package for the said batch of Nokia 7 Plus phones.
Here’s the full statement below:
We can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed and no person could have been identified based on this data. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it.
Collecting one-time device activation data when the phone is taken first time into use is an industry practice and allows manufacturers to activate phone warranty. HMD Global takes the security and privacy of its consumers seriously.