HMD in a long blog post has today shared the findings of its investigation in regards to the allegations of personal data sharing by a batch of Nokia 7 Plus phones. HMD has rubbished the claim that any personal data has been leaked or shared by these phones that by mistake had “device activation client meant for Nokia 7 Plus China variants” included in their software package.
We have looked deeply into the case at hand and can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for our China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server.
HMD has also confirmed that this issue was resolved and the device activation client was switched to the right country variant in February 2019 by a software fix.
However, such data was never processed, and no person could have been identified based on this data. To be clear, no personally identifiable information has been shared with any third party. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it. If you want to check if your Nokia 7 Plus has received the security fix, we have included step-by-step instructions below.
HMD has also put any speculations about any Nokia Phones data sharing to any 3rd party servers to the rest. While China variant phones data is stored in a China based server, other global Nokia variants have their data stored in Singapore.
There is also some speculation about other Nokia phones sharing similar data with third-party servers. We can confirm that this is incorrect speculation and no Nokia phones are impacted. All device data of Nokia Phones other than the China variant is stored at HMD Global’s servers in Singapore provided by Amazon Web Services.
If you want to read more about what kind of data is collected by HMD then you can read below and check the featured image above. You can also check the blog post for more.
Why do we collect data from the devices?
We collect data from devices for two primary reasons:
Activating device warranty: When the device is taken into use for the first time, it sends data to our servers. This data helps us activate warranty on the device.
Improve user satisfaction: In case you choose to participate in the User Experience Program, we collect device satisfaction feedback and diagnostics data from your Nokia phone. This helps us to enhance our products and services based on your feedback.