Security audit raises severe warnings on Chinese smartphone models

The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei's P40 5G, Xiaomi's Mi 10T 5G, and OnePlus' 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC's security audit.

The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications.



The OnePlus 8T 5G—arguably, the best-known and most widely marketed phone of the three—was the only one to escape the NCSC's scrutiny without any red flags raised.



Xiaomi's Mi 10T 5G ships with a nonstandard browser called "Mi Browser." The NCSC found two components in Mi Browser which it didn't like—Google Analytics, and a less familiar module called Sensor Data.

https://arstechnica.com/information-technology/2021/09/security-audit-raises-severe-warnings-on-chinese-smartphone-models/