The Lithuanian defence ministry claims Chinese smartphones are compromised with built-in censorship elements which can allow the manufacturers to periodically store and send personal data.
Lithuania’s Ministry of National Defence has recommended against purchasing Chinese-made 5G smartphones and advised people to throw away the ones they have now after its National Cyber Security Centre found the devices had built-in censorship capabilities.
“Three Chinese manufacturers that have been supplying 5G mobile devices to Lithuanian consumers since last year and are identified as somewhat risky by the international community were selected,” said Vice Minister of National Defence Margiris Abukevičius.
"Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," Abukevicius told reporters.
Chinese flagship mobile phone models, Huawei P40 5G , Xiaomi Mi 10T 5G and OnePlus 8T 5G, that are sold in Lithuania were investigated by experts from the ministry.
The investigation has revealed four substantive cybersecurity risks, including personal data security, possible clash with freedom of speech.
Xiaomi Corp has a built-in ability to detect and censor some terms against the Chinese political ideology such as “free Tibet,” “long live Taiwan independence” or “democracy movement,” Lithuania's state-run cybersecurity body said.
In total 449 keywords and keyword combinations in Chinese characters were censored.
Several apps on the smartphone periodically download a list of banned keywords from the manufacturer company, if the downloading contents include keywords from the list, it is automatically blocked.
The investigation also concerned Xiaomi Mi Browser’s using Chinese Sensor Data which “collects and periodically sends out data on as many as 61 functionalities regarding user activities on the device.”
“In our view, this is excess information collection on user activities. Another risk factor is the fact that the abundant statistical data is sent to Xiaomi servers in third countries that do not observe General Data Protection regulation via an encrypted channel and is also stored there,” said Dr. Tautvydas Bakšys, head of Innovation and Training Division of the National Cyber Security Centre.
The report also said the Xiaomi phone was sending encrypted phone usage data to a server in Singapore. A security flaw was also found in the P40 5G phone by China's Huawei but none was found in the phone of another Chinese maker, OnePlus, it said.
Huawei's representative in the Baltics told the BNS news wire its phones do not send user's data externally.
Relations between Lithuania and China have soured recently. China demanded last month that Lithuania withdraw its ambassador in Beijing and said it would recall its envoy to Vilnius after Taiwan announced that its mission in Lithuania would be called the Taiwanese Representative Office.
Taiwanese missions in Europe and the United States use the name of the city Taipei, avoiding a reference to the island itself, which China claims as its own territory.
Belgium’s intelligence services also warn against spy-risk
In July, Belgium’s state security spokesperson Ingrid Van Daele warned of the possible risk of spying by China-manufactured smartphones which are very popular among Belgian consumers.
At the end of last year, Xiaomi became the third most used smartphone brand in Belgium after Samsung and Apple.
There is a "systematic and deep interaction between these companies and the Chinese government," according to the country’s intelligence services.
Although there is no concrete case of espionage yet, "we would like to draw the attention of consumers to the potential threat of espionage when using these devices. We therefore advise them to be vigilant,” Van Daele said.
There is interdependence between the Chinese government and companies because of the law on national intelligence which makes collaboration with intelligence services compulsory for the companies.