New report shows how one TECNO phone can be putting people’s privacy and security at risk

Privacy International research released today shows that the brand new TECNO Y2 phone is being sold with outdated versions of the Android operating system. The version of Android, which is from 2013, no longer receives security updates, and contains over 200 known vulnerabilities. The phone also comes with pre-installed apps that the users cannot uninstall. What this means is that the privacy and security of people using TECNO’s Y2 phones can be at risk.

TECNO are a phone manufacturer based in Shenzhen China and hold a 47% market share in East Africa. They are subsidiary of Transsion Holdings - which made $5.7bn in revenue in 2020 and also sell phones under the Itel and Infinix brands.

“Having conducted research on privacy and data protection practices of digital lending apps, we also noted that phones for the African market come with pre-installed apps. From a data protection law perspective, users should not be opted into third party apps that possibly collect data for commercial purposes." Grace Mutung’u, Centre for Intellectual Property and Information Technology Law at Strathmore University, Kenya.

“TECNO users deserve better. They deserve devices that are secure, rather than ones that put their privacy and security at risk. TECNO need to make clear to consumers what they’re buying, including if it’s an old, out of date, and insecure phone.” Dorothy Mukasa, Unwanted Witness.

“It’s unacceptable that TECNO – a company with almost 50% of the phone market share in East Africa – are selling phones that expose users to significant risks. TECNO should ensure that the phones they are selling don’t come with antique operating systems, and that customers know when they’re phone will stop receiving security support. TECNO should stop putting users’ privacy and security at risk.” Caitlin Bishop, Privacy International, Project lead of PI’s work on low-cost technology.

PI’s report also contains several recommendations for TECNO:

• TECNO should ship phones with a supported version of the Android operating system.
• TECNO should do their best to support the longevity of their devices and therefore combat e-waste. They must tell consumers, at the point of sale, how long their device will be supported, provide regular updates to the device, and notify users when continuing to use a device poses a risk to their privacy or security.
• TECNO should minimise the amount of bloatware, superfluous apps and other extras that come pre-installed on their phones. Whenever bloatware is included, it should exist in the user partition and therefore be visible to and removable by the user.

About Privacy International

Privacy International (PI) is a London-based charity that campaigns against companies and governments who exploit our data and technologies. We expose harm and abuses, mobilise allies globally, campaign with the public for solutions, and pressure companies and governments to change.

Visit our website at www.privacyinternational.org

Notes to editors

This is work is a part of PI’s Privacy shouldn’t be a luxury project, and follows on from PI’s campaign looking at Google’s certification of dubious devices, and Samsung’s decision to support their high-end phones but not their cheaper handsets. When a person buys a brand new low cost phone, it's likely to come pre-installed with insecure apps and an outdated operating system. What this means is that people could be left vulnerable to security risks or to having their data exploited. We don't think privacy should be a luxury. That's why we advocate for companies to provide the latest security features and privacy protections for low cost phones, as well as high cost phones.