Why do I not recommend using Chinese devices?

Mark

It's no secret that our smartphones know too much about us. Sometimes even more than we do. And while your gadget is with you, it's hard to find even a minute when no information about your actions gets into the network.

Phone manufacturers want to make their gadgets unique. Some achieve this with extravagant hardware (hello, Nokia 9 with five cameras), while others, who do not have such resources, dress up unremarkable hardware with proprietary firmware. Sometimes the whole "uniqueness" of the firmware is a branded launcher and wallpaper; in other cases Android is reworked completely.

The second method is used by the famous Chinese company Xiaomi, known for its budget Redmi line and quite interesting MIUI firmware, in which almost nothing remains of the original Android. So does Meizu, which releases its phones with Flyme firmware.

And if everything is more or less clear with Google's own phones — the company publishes information about what data they collect openly and even allows you to take a dump of this data for yourself — then what do Chinese smartphones collect about us?

Who knows what about us?

Basically, information is collected by:

  • Google.
  • Xiaomi / Meizu / other company.

We know from the privacy statement that Google collects and stores a lot of information. This includes:

  • your search history, and not only in the branded search engine, but also in YouTube, which, as you know, is also owned by Google. By default, the collection of this information is enabled and is not advertised in any way, but you can disable its collection on the account settings page;
  • full history of your location, extracted from your smartphone. This is the responsibility of the unkillable GoogleLocationService, which works even if the GApps are installed in the pico variant. Its special feature is that not only GPS is used to determine the location, but also cell towers and WiFi networks. All this information is stored locally, but as soon as you have an Internet connection, it is uploaded to Google servers;
  • information about the apps on your device and their versions. This data is uploaded by the Play Market and is needed, I hope, only for statistics. Based on these statistics, the "You may like it" section in the Play Market is filled in;
  • all your contacts. The synchronization service, which is enabled by default, is responsible for collecting them;
  • recordings of all voice requests;
  • complete and detailed statistics of your actions with your phone and search.

However, one could go on for a very long time about what exactly Google collects about us. I think this very meager list is enough for you to understand what this state of affairs smells like.

The list of information that Xiaomi collects is also very extensive (the original spelling is preserved):

  • Information that you provide to us or send(including contact details): we may collect any personal information that you provide to us, such as your name, mobile phone number, email address, delivery address, Mi details (such as security-related information, full name, date of birth, gender), order details, invoices, materials or information that you can sync via cloud Mi or other applications (such as photos, contact lists), information regarding creating an account and participating in the MIUI forum on xiaomi or another platform, phone numbers that you enter in "contacts" or send a message, feedback, and any other information that you provide to us you provide it.
  • Device or SIM Card Information: Information related to your device. For example, IMEI number, IMSI number, MAC address, on MIUI, android version, part number and model name, network operator.
  • Information about you that may be assigned by us: We may collect and use information such as Mi Account ID.
  • Location Information(only for specific services/features): various information about your location. For example, country code, city code, mobile network code, mobile identity, longitude and latitude, language settings.
  • Information Log: Information related to the use of certain features, applications, and websites. For example, cookies and other anonymous technologies such as ID, IP addresses, temporary message history, and standard system logs.
  • Other information: Environmental Performance Value (OKP) (the value generated by the Mi account number, phone number, device ID, connected Wi-Fi Internet ID, and location value).
We may also collect other types of information that are not related to an individual and that is anonymous. For example, device models and system versions the number of Xiaomi users in a mobile phone device can be obtained when using a particular service. This information is collected in order to improve the services we provide to you. The type and scope of information collected will depend on how you use, agree to, or participate in our products and/or services.

In light of this, the old Soviet phrase "We need the world, and if possible — the whole" takes on a slightly different wording: "We need your data, and if possible, all of it." Does that sound sad? Well, prepare for the worst.

Data interception test bench

The tools are simple: Fiddler, Wireshark, and tcpdump. We will put Fiddler and Wireshark on a full-size computer, and tcpdump on a phone with freshly installed firmware. The procedure is as follows:

  1. Install a clean firmware (if possible without GApps).
  2. Without activating the Google account, we install tcpdump and (if possible and necessary) the Fiddler root certificate.
  3. We connect to the WiFi network, which is distributed from the laptop (Wireshark and Fiddler are sitting there).
  4. We sit in ambush for half an hour.
  5. We poke the menu, in every possible way simulating the user's actions, but we do not change anything.
  6. Disable everything that we can disable without root rights, and once again go through steps 4-5.

Sniffing traffic from the live system

I set up an access point on a laptop running Ubuntu 18.04, configured it as a gateway, and ran Wireshark on it. Of course, Wireshark is of little use when the traffic goes over HTTPS, but in most cases the very fact that a connection was established to a certain address is sufficient proof. The rest of the setup is trivial: configure hostapd on the host machine, run Wireshark on the same machine, import the Fiddler root certificate on the phone, and configure the proxy. That's it!

MIUI

From the very beginning, the firmware behaved restlessly. Requests flowed to the following servers:

  • connect.rom.miui.com;
  • android.clients.google.com;
  • www.gstatic.com;
  • mtalk.google.com;
  • data.mistat.intl.xiaomi.com;
  • storage.googleapis.com;
  • redirector.gvt1.com;
  • www.youtube.com;
  • dl.google.com;
  • api.sec.miui.com;
  • r8---sn-cxauxaxjvh-hn9e7.gvt1.com.

The first HTTP request was to connect.rom.miui.com/generate_204, which is used to test the connection. I note that requests go there roughly every one and a half to two minutes, even though the connection never dropped and pings stayed consistently low.

Once the connection was verified, the phone contacted data.mistat.intl.xiaomi.com/mistats/v2 and sent it almost 2 KB of data. Apparently, this is some kind of telemetry.

Then two more heavy packets with data flew to another host of this subnet (161.117.71.187), but, unfortunately, they were encoded. Both of these addresses are located in Singapore.

The next interesting request went to relocationapi.micloud.xiaomi.net/mic/relocation/v3/user/record. It contained the name of my country and a signature which, as I saw later, is attached to each packet to protect it against forgery. The next request also sent a certain status, and then several more data packets.

The next door the phone knocked on was api.device.xiaomi.net. The request itself was empty, but it carried cookies that contained all the information about my phone, including a unique serial number. In response, the phone received a certain serviceToken, which from then on shows up in all HTTP requests, and not only to this address. Then my User ID and Device ID also went there.

Then we see what I expected to see at the very beginning: a request to an advertising network. And not just any network, but Xiaomi's own. The host address is globalapi.ad.xiaomi.com. The server receives the version of the advertising SDK and our User ID from the previous request. In response, we get a list of keywords according to which ads will be loaded from now on, and the time for which this information is kept in the cache (specified as TTL).

Due to the popularity of the Mi line devices and especially Redmi, Xiaomi receives a lot of information. To balance the load, the company has deployed a decent-sized network around the world. My phone was attached to an Indian server, and from now on all the information goes there.

Some of the information went through the Download Provider (com.android.providers.downloads), which no sane person would deny network access. By the way, the same tricks (that is, the same packets, only with different values of channel and package_name) are played by the theme manager (com.android.thememanager) and the calendar (com.android.calendar). On average, such requests go out every 30-40 seconds to different addresses and with different values of channel and package_name.

But the real spying is just beginning: at one point, we get from resolver.gslb.mi-idc.com not only our external IP address (although it is not clear why the phone needs it), but also the country, city, name of the provider, our real IP address (if we are sitting behind a transparent proxy), the domain to which statistics should be uploaded (I got s.mi1.cc), the TTL used, a certain tid, and two emergency addresses for use via WiFi and mobile network, respectively (I did not record any calls to them, but if the main Xiaomi servers go down, maybe something will be found).
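The check-in rhythm described above (generate_204 every one and a half to two minutes, telemetry every 30-40 seconds) can be measured rather than eyeballed. The following is an added example, not part of the original article: it takes "timestamp host" lines exported from a capture and reports hosts contacted at a near-constant interval. The sample timestamps and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: "<seconds since capture start> <host>", one line per connection.
SAMPLE = """\
0 connect.rom.miui.com
5 dl.google.com
12 www.youtube.com
20 dl.google.com
35 data.mistat.intl.xiaomi.com
70 data.mistat.intl.xiaomi.com
100 connect.rom.miui.com
102 data.mistat.intl.xiaomi.com
140 data.mistat.intl.xiaomi.com
175 data.mistat.intl.xiaomi.com
200 dl.google.com
205 connect.rom.miui.com
210 dl.google.com
300 www.youtube.com
310 connect.rom.miui.com
420 connect.rom.miui.com
"""

def beacon_report(lines: str, min_hits: int = 4, max_jitter: float = 0.35) -> dict:
    """Map host -> median interval (s) for hosts contacted at a steady rhythm."""
    seen = defaultdict(list)
    for line in lines.splitlines():
        ts, host = line.split()
        seen[host].append(float(ts))
    report = {}
    for host, times in seen.items():
        if len(times) < min_hits:          # too few contacts to judge periodicity
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Jitter: worst deviation from the median gap, relative to that gap.
        jitter = max(abs(g - mid) for g in gaps) / mid
        if jitter <= max_jitter:           # regular enough to be a timer, not a user
            report[host] = round(mid)
    return report

if __name__ == "__main__":
    for host, interval in beacon_report(SAMPLE).items():
        print(f"{host}: every ~{interval} s")
```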

This was all I could dig up from the unencrypted traffic, but there was still a lot of SSL and TLS traffic that I couldn't deal with. The firmware magically ignored the proxy settings, so I had to limit myself to exploring what could be obtained "with my bare hands".

As for disabling this grandiose spy machine, it has too many data collection tools built in. You will not be able to disable all of this by regular means, and removing the "snitch apps" will turn your phone into a plain dialer, which is of no use at all.

Yes, Apple also collects information. But not in such volumes. And this data goes to the Apple servers. As for the Chinese smartphone manufacturers, I am sure that they brazenly steal information and possibly sell it in the future.
