HMD Global clarifies privacy policy after Nokia 7 plus fiasco

JC Torres - Mar 24, 2019, 8:49 pm CDT
0
HMD Global clarifies privacy policy after Nokia 7 plus fiasco

After having become the new darling of the Android community, HMD Global’s pristine reputation was almost completely tarnished by what may have been just a simple error. Not everyone, however, might have been satisfied by the Nokia phone maker’s brief explanation and claims of an innocent mistake. To assuage those concerns, the Finnish company has published a longer explanation of what really happened and, more importantly, why there is no reason to panic.

HMD starts off by assuring Nokia 7 Plus owners that were affected by the “bug” that no personally identifiable information was transmitted much less shared with any third-party. All that was sent to the server in China were the very same pieces of data sent by any newly activated phone that it says is required for starting the phone’s warranty and, optionally, improve user experience. The latter, however, only happens with user consent by signing up for its User Experience Program.

What apparently happened was that the device activation client that was meant only for Chinese models of the Nokia 7 Plus was mistakenly put on a few phones that shipped internationally. Those Nokia 7 Plus phones tried to send the activation data to HMD Global’s server in China but failed, causing it try repeatedly and send the data over and over again. The company explains that the fix was already rolled out last month but didn’t explain why it kept silent about it.

Furthermore, the remote Chinese server in question is indeed owned by HMD Global even though the owner is mistakenly shown as the domain registrar, in this case, China Telecom. Chinese laws require that data originating from China to be stored in China. All other Nokia phones send and store their data to Amazon Web Services servers hosted in Singapore. Those, HMD Global insists, are in full compliance of privacy laws and Europe’s GDPR.

The company admits that there are indeed some legacy and poor quality code in the activation client, as found by third-party enthusiasts who tore down the software. It promises to improve its software quality while maintaining that nothing sinister has taken place behind the scenes. Whether that’s enough to satisfy both users and governments is another question entirely but it would definitely be a shame given how HMD Global has proven itself to be quite a good Android player.


Must Read Bits & Bytes