Mistakes and software bugs are a normal fact of life but some can be more damning than others. At a time when phone manufacturers, especially Chinese ones, are fighting to wash their hands clean of any perception of political bias, even an allegedly innocent mistake could become a PR and legal mess. That might be the situation Finnish company HMD Global might find itself in after it has been discovered that a number of its Nokia 7 Plus phones have been sending data to a still-mysterious server located in China.
Whenever data is secretly being sent to a server in China, conspiracy theories arise. Even more so when the domain for that server, in this a certain vnet.cn, is owned by China Telecom, one of the state-controlled network operators in the country. And when neither China Telecom nor HMD Global is able to tell who actually owns the server and receives the data, the plot thickens even further.
Backtracking a bit, a reader for Norwegian site NRKbeta observed that his Nokia 7 Plus was exhibiting odd network activity every time it was turned on or unlocked. He traced not only the said server but also what data was being sent. Shockingly, the phone was sending unencrypted, and therefore very readable, data that easily identifies the phone (IMEI and MAC), its SIM and network connections.
For its part, HMD Global admitted the observation but clarifies a few things. For one, it only affected a single batch of Nokia 7 Plus units and it was simply a software packing error that attempted to send activation data to a foreign country. That was supposedly already fixed by a software update last February and the company insists that no personal information was shared with third-parties or the Chinese government.
HMD, however, remains silent on a few matters, like why or how the phones were sending activation data to that particular server in the first place. Its mea culpa might not be enough to save it from an investigation by Finnish authorities who already pledged to look into the matter.