German security firm Nitrokey has discovered an off-the-shelf feature in Qualcomm Snapdragon chips, in which user information is collected and transmitted directly to Qualcomm servers. So, what information is being transmitted to Qualcomm?User information is transmitted unencrypted to Qualcomm servers
Nitrokey found that user data was transferred to Qualcomm’s izatcloud.net server in its test on Sony Xperia XA2 with Qualcomm Snapdragon 630 processor. Among the transferred information; It has unique smartphone identifier, chip name and serial number, XTRA software version, mobile country code and network code, carrier or operating system version and type, device manufacturer and model, a list of applications installed on the device, IP address and other data.
Compliant with its privacy policy, according to Qualcomm
Data is transmitted over the insecure HTTP protocol without any additional encryption. This affects 30% of phones worldwide, including Android phones and iPhones using Qualcomm communication modules. Qualcomm states that the XTRA service, which allows the company to collect the user data we just mentioned, complies with its privacy policy. However, the transmission of data over the insecure HTTP protocol raises concerns about the privacy and security of user information.
26154
