A popular Chinese-manufactured phone has a built-in censorship tool that can blacklist search terms on the web, according to research by the Lithuanian government, which is urging owners of the phones to replace them.
The Lithuanian Ministry of Defense analyzed three popular Chinese-made phones currently sold in Europe: the Xiaomi Mi 10T 5G, the Huawei P40 5G and the OnePlus 8T 5G. It reported finding a censorship tool built into the Xiaomi phone that can block certain search terms, including “Long live Taiwan’s independence,” “Free Tibet,” “Democratic Movement,” and “Voice of America.”
“It is very, very worrying that there is a built-in censorship tool and of keywords, which filters or could filter your search on the web,” Lithuanian Vice Defense Minister Margiris Abukevicius told VOA.
Xiaomi is the most popular smartphone brand in Europe. The Lithuanian researchers said the blacklist function was turned off on the Xiaomi phone sold in Europe, but it can be activated remotely. The list of blocked search terms appears to be continually updated. There were 449 words or phrases on the blacklist in April 2021. By September, that number had tripled to 1,376.
“We clearly saw that all of those key words are politically motivated,” Abukevicius said. “Terms such as Tibet, Taiwan, democracy, U.S., and some companies like yours [Voice of America], are mentioned in that list. And they are adding [words] not only in Chinese, they are also adding words in Latin [script].”
German security services also have begun a technical examination of the Xiaomi phone.
Xiaomi did not respond to VOA requests for comment. The firm said this week it was engaging an independent expert to assess the findings.
The Lithuanian researchers found the Huawei P40 5G model collected users’ data — including how long they spent using the apps — and stored it on servers outside the European Union, beyond the jurisdiction of the EU’s strict data laws.
The report said Huawei’s official app store, called AppGallery, directed users to apps containing malware.
“A portion of the mobile applications contained on the application distribution platforms are imitations of the original applications, with malicious functionality or virus infestation; such applications can be downloaded and installed by the user on the mobile phone, thereby jeopardizing the security of the device and the data contained in it,” the report said.
“Data security risks have also been identified in the Xiaomi device; factory-installed system applications send statistical data on the activity of certain applications installed on the device to servers of the Chinese cloud service provider Tencent, located in Singapore, the USA, the Netherlands, Germany and India,” the researchers wrote.
In a statement, Huawei told VOA, “Huawei has always adhered to the principle of integrity, abided by the laws and regulations of the countries and regions where it operates. Huawei has a strong cybersecurity record in more than 170 countries and regions and has served over 3 billion users. Data is never processed outside the Huawei device.”
It added, “Huawei is transparent about the necessary data it collects from customers, which is kept to a minimum and used to enhance personalization and the user’s experience. Huawei makes it clear that these apps are from publicly available sources, so the user isn’t forced to download an app.”
Lithuania has told government workers to get rid of the Xiaomi and Huawei phones. Abukevicius told VOA that other countries should take note of the research.
“On the basis of national security, really, we are looking for ways to protect our state institutions and institutions working in national security and give them a chance to only work with trusted suppliers. When it comes to consumers, we are giving recommendations of course, you know, to really avoid using cloud services, avoid using some applications, Chinese-made applications,” Abukevicius said.
China has yet to comment on the report. Many Western countries, including the United States, have blocked Huawei from the rollout of 5G mobile networks, fearing the company poses a security risk.
“I think our research is an illustration of how we should go beyond that discussion in the telecommunications sector, that we should think about other sectors,” Abukevicius said.
The report comes against a backdrop of tense relations between Lithuania and China.
Both countries have withdrawn their ambassadors after Lithuania agreed to allow Taiwan to open a de facto embassy there using its own name. China claims Taiwan as its own territory.
In many countries, Taiwan’s diplomatic missions are named after the capital, Taipei, rather than the island itself. In retaliation, Beijing last month halted rail freight to Lithuania and suspended trading licenses for Lithuanian producers.
The United States has reiterated its support for Lithuania in the face of what Washington called “economic coercion” by China.