WingNews logo WingNews GitHub [2]
top | item 18237890

Reverse Engineering of a Huawei P20 from China

72 points| Schiphol | 7 years ago |twitter.com | reply

33 comments

order
[+] majia|7 years ago|reply
Not surprising, it's a phone model for Chinese market. The "evil services" are the Chinese equivalents of Google Maps, Google Analytics, Google Search, FB messenger, and iCloud/Samsung cloud.

The real issue is that most phone makers have tons of unnecessary services pre-installed in their phones, such as social media login, location tracking, and cloud storage. It would be better to design/license Android OS in a way that gives user complete control on what is pre-installed.

[+] devy|7 years ago|reply
Yep. That's exactly it. Those unnecessary service calls are more likely to be Google-esque services for event tracking and user analytics than spying like U.S has portraited. In the old days when carriers released major smartphones, those will be the equivalent of bloatwares and their supporting services. If the guy examines Samsung Galaxy phones, it would almost be the same. The only difference is probably that TLS adoption are VERY LOW in Chinese market (Surprised? Not for a surveillance heavy society!), hence their services aren't using https as much as it should.
[+] sschueller|7 years ago|reply
I was surprised how well the negative campain against Huawei has worked in the US (justified or not).

I was talking to a none tech friend from the US and when I mentioned Huawei he went on a rant how they are Chinese spy devices.

Meanwhile here in Europe Huawei phone are quite popular and sold through carriers.

[+] Steltek|7 years ago|reply
To raise the other kerfuffle du jour, how is Huawei going to fare when these findings meet the GDPR? Where is the informed consent to shipping all of this PII to who knows where? And in cleartext, without even the slightest effort at protections?
[+] Someguywhatever|7 years ago|reply
I think they are also popular in Canada. You can get various versions of the Huawei P20 through carriers here. I don't regard them as spy devices. I think it's mostly a US thing.
[+] temporaryred|7 years ago|reply
It is absolutely insane to me that the market has not demanded for open source hardware and software. A competent company would be able to trivially hide such requests. How am I supposed to trust a large competent organization when there seems to be no incentive for them to operate on the behalf of the privacy of a user?
[+] hkai|7 years ago|reply
I still cannot believe that people would voluntarily buy Chinese phones. Would you buy a North Korean phone? If not, why are you buying a Chinese one?
[+] molteanu|7 years ago|reply
I still cannot believe that people would voluntarily buy US phones. Would you buy a phone from the country known for its spying abilities with dozen of agencies involved in this, from NSA to CIA to companies like Facebook, Google and the rest? You mean to tell me that all these US phones are nice and clean? Yeah, right.

Disclaimer: I have a Huawei P10. Awesome product.

[+] saiya-jin|7 years ago|reply
Chinese, american, korean, what does it matter to european? Not a bit. Nobody has some high moral ground we so desperately wish for. If you don't want to be spied on, don't get a phone. Otherwise, you're screwed like rest of us.

Better be smart with what you actually do with the phone and what kind of data/apps you use it for.

[+] majia|7 years ago|reply
If North Korean can make good phones at an affordable price, people will buy them too, just like we buy Saudi Oil.
[+] posterboy|7 years ago|reply
P20 lite had the best specs at a mid rande price point. and good specs. Alas it's also quite large. P20 (non lite) has a cv ai chip, how does that fit in with the spying!?
[+] sct202|7 years ago|reply
Some people like my parents only use their phones to get directions, group chat socially, and send pictures. There's like nothing interesting to steal from them.
[+] echevil|7 years ago|reply
They are good phones. I'm very interested in Xiaomi's Mix 3 that's going to be announced end of this month now.
[+] gizzlon|7 years ago|reply
Seems like it's only the Chinese (non Play) version of the phone?
[+] diaonaxing|7 years ago|reply
Do you have a oversea version for further investigation? You know HUAWEI will not provide BL unlock code anymore.
[+] _hao|7 years ago|reply
I'm curious do you consent with this when you buy the phone?
[+] echevil|7 years ago|reply
No. I also don't consent website tracking detailed information about my device when I visit a webpage, but that happens as long as I on internet.
[+] joewee|7 years ago|reply
One could argue iPhones collect similar data. How does apple know that the user you are texting has iMessage if it isn’t sent to apple?
[+] codemusings|7 years ago|reply
One could not, really. E2E encryption does not mean peer to peer. Most messenging services use a client server model. You can easily use identifiers without ever collecting personal data.

Nobody knows for sure of course unless you have access to the relevant code but Apple is at least not in the business of selling data to advertisers or needs to bolster their budget with buy in from data mining companies.

[+] diaonaxing|7 years ago|reply
It seems this news hasn't reach to Chinese media. They are still talking about the new Mate 20
[+] vivab0rg|7 years ago|reply
Just buy a phone you can always root?
[+] devy|7 years ago|reply
@fs0c131y (Elliot Alderson) profile description reads:

   French security researcher. Worst nightmare of Oneplus,
   Wiko, UIDAI, Kimbho, Donald Daters and others.
I wonder how he thinks about 1+'s security comparing to Huawei's.