Nokia's official response on the case of user data violations
A few days, a report by Norweigan NRK revealed that certain Nokia 7 Plus units were phoning home to China with sensitive user data that could allow real-time tracking. Nokia, or HMD Global, depending on how you look at it, has issued a press released demystifying the entire episode.
"We have looked deeply into the case at hand and can confirm that no personally identifiable information has been shared with any third party," the statement said. "We have analysed the case at hand and have found that our device activation client meant for our China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones. "
"Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed, and no person could have been identified based on this data. To be clear, no personally identifiable information has been shared with any third party."
"This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it."
The company's excuse does sound solid. The data was a match with the format used for device registration by China Telecoms, the owners of the servers to which the data was being sent. That said, this is sloppy of HMD Global. It's also amusing that the company claims the leak to be "alleged".
The old Nokia brand was known for its rock-solid quality but new Nokia devices have experienced hardware issues—The Nokia 7 Plus's Novatek display has well-documented problems—and things on the software end aren't perfect either.
Get it together, HMD Global.