Affiliate links on Android Authority may earn us a commission.Learn more.
HMD Global responds after some Nokia 7 Plus phones in Europe sent user info to China
August 01, 2025
Update, Jul 21, 2025 (1:50AM):HMD Global has issued a statement toAndroid Authorityafter news broke of some Norwegian Nokia 7 Plus models sending data to China.
“We have analyzed the case at hand and have found that our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server,” the Nokia brand licensee said in its statement.
The company insisted that no personally identifiable information was sent to the Chinese server. This assertion comes despiteNRKreporting that the information could allow recipients to track a phone’s location in real-time. In any event, HMD Global says this issue was fixed earlier this year.
“This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it,” HMD said. It added that collecting “one-time device activation data” was a standard practice in the industry to activate a phone’s warranty.
Original article, July 01, 2025 (8:35AM):It’s not unheard of forsketchy games and appsto steal your data and send it to foreign servers. But it’s another story when your brand-new smartphone is sending this information to China out of the box.
That’s what happened to an unspecified number of Nokia 7 Plus phones in Norway, according to news websiteNRK(viar/Android). The outlet reported that data sent to China included a user’s location,phonesim card number, and the device’s serial number. It added that this information allowed the recipient to track a phone’s real-time movement.
Read:Oculus Rift S coming to PC this spring for $399
Data was being sent to a server with a vnet.cn domain, and a domain ownership check revealed the “China Internet Network Information Center” as the point of contact.NRKthen contacted the organization and it confirmed that state telecommunications company China Telecom owned the domain.
Oddly enough, the code for the Nokia 7 Plus’s data collection method was reportedly found to be similar to code on Github by Qualcomm. So just what is actually going on here?
Was this purely an accident?
It’s believed that this data collection was intended for Nokia 7 Plus units in China, but it may have accidentally landed on devices outside the country. Furthermore, security researcher Dirk Wetterreportedthat the culprit could be an APK package named “com.qualcomm.qti.autoregistration.apk.”
HMD Global confirmed the issue with the outlet, saying it affected a “single batch” of phones. The Nokia brand custodian added that a software update was issued at the end of February to fix the problem. The company reportedly declined to answerNRK‘s questions about who owns the Chinese server. HMD was also asked if this practice was required in order to sell Nokia phones in China, but the company refused to comment on the matter.
The Finnish data protection ombudsman has sinceconfirmedthat it will be investigating the incident to determine whether there was indeed a violation ofGDPRlaw. We’ve contacted HMD Global and Qualcomm to clarify the matter and will update the article if/when the companies get back to us.
NEXT:Sweet, sweet karma — Watch AT&T’s CEO get a robocall during live interview
Thank you for being part of our community. Read ourComment Policybefore posting.
