About your privacy and the alleged “data breach” on Nokia 7 Plus phones as explained by HMD Global
Lately there was news regarding the Nokia 7 plus and the data breach. Here is what HMD global the Nokia company explains about this news. The company confirms that no personally identifiable information has been shared with any third party. They have analysed the case at hand and have found that their device activation client meant for China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed, and no person could have been identified based on this data. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it.
How to check your Nokia 7 plus security Fix?
If you want to confirm your device is up to date, follow these steps:
Go to Settings > System > About Phone > Scroll down to “Build Number”
If your phone shows “00WW_3_39B_SP03” or “00WW_3_22C_SP05” as the “Build number”, you have already installed the fix on your Nokia 7 Plus.
If your phone is not showing either of the above, don’t worry, you can always request the latest approved build by following these steps:
Go to “Settings” > “System” > “Advanced” > “System Update” > “Check for Update”.
A Wi-Fi connection is preferred, but if not possible, you can select “Resume” to use your cellular data connection. Note that that using a cellular connection may incur a data charge. Check with your operator if any concerns.
Demystifying data collection
There is also some speculation about other Nokia phones sharing similar data with third-party servers. But the company confirms that this is incorrect speculation and no Nokia phones are impacted. All device data of Nokia Phones other than the China variant is stored at HMD Global’s servers in Singapore provided by Amazon Web Services.
HMD Global takes the security and privacy of its consumers seriously and complies with all applicable privacy laws. Data collected from our devices is stored safely in accordance with applicable laws.
Why the company collects data from devices?
The company collects data from devices for two primary reasons:
- Activating device warranty: When the device is taken into use for the first time, it sends data to company’s servers. This data helps them activate warranty on the device.
- Improve user satisfaction: In case you choose to participate in the User Experience Program, they collect device satisfaction feedback and diagnostics data from your Nokia phone. This helps them to enhance their products and services based on your feedback.
Their software developers are continuously trained to master local privacy requirements such as the GDPR or China Cyber Security Law requirements. This applies also to the software developers from partners working together with us.
The company claims that they take privacy extremely seriously and follow ‘privacy as a design’ process. This means that all changes and updates to data collection are always approved by a privacy expert.
Also they conduct regular third party audits for their data collection and management processes. They also have strict policies in place related to technical architecture, data and access management.
If your purchased your mobile from US, Europe or any country your data is stored in Singapore. Singapore, as you may already know, follows very strict privacy laws.
If you purchases your device from China then in order to comply with China Cyber Security law, company is obligated to store data originating from China in China. This means that only those devices that are sold in China will send data to their servers in China.