A paper published by researchers at the University of Edinburgh and Trinity College Dublin shows that Android devices sold in China from three of the major manufacturers, each included more than 30 third-party apps, transmitting privacy-sensitive data without the owners consent or knowledge. The apps continue to connect to these third-party servers even when not using Chinese SIM cards while abroad.
“The data we observe being transmitted includes persistent device identifiers (IMEI, MAC address, etc.), location identifiers (GPS coordinates, mobile network cell ID, etc.), user profiles (phone number, app usage patterns, app telemetry), and social connections (call/SMS history/time, contact phone numbers, etc.)”.