Investigations by Privacy International expose cellphone manufacturer TECNO's weaknesses in protecting users' privacy and security at risk.
This statement was originally published on cipesa.org on 19 August 2021.
Strengthening the digital security of at-risk groups and organisations amidst growing digital rights attacks in Africa has become increasingly crucial. However, inadequate device security is undermining such efforts.
Investigations by Privacy International have revealed that TECNO – a phone manufacturer with an estimated 47% market share in East Africa and widely used across other regions on the continent – is putting users’ privacy and security at risk.
Based on testing of a TECNO device – the Y2 – purchased in Uganda, the investigations reveal that the phone’s operating system was outdated, having not received updates since 2013. Further, pre-installed applications that users can not uninstall were using up space on the device. Whereas the specific model of phone with the vulnerabilities was discontinued from production by TECNO back in November 2019, it remained on sale as recently as 2020.
In response to the revelations, Privacy International and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), together with nine other civil society organisations, have submitted a letter to TECNO calling on the Chinese manufacturer to make changes to their practices and protect users’ privacy and security.
The letter urges TECNO to make three key changes to significantly improve their users’ privacy and security:
- TECNO should ship phones with a supported version of the Android operating system.
- TECNO should do their best to support the longevity of their devices and therefore combat e-waste. They must tell consumers, at the point of sale, how long their device will be supported, provide regular updates to the device, and notify users when continuing to use a device poses a risk to their privacy or security.
- TECNO should minimise the amount of bloatware, superfluous apps and other extras that come pre-installed on their phones. Whenever bloatware is included, it should exist in the user partition and therefore be removable by the user.
“It’s vital that TECNO listen to civil society and make these small changes to protect their users. TECNO users across Africa and the world deserve to know what they’re buying, especially when their phone will no longer receive security support,” said Caitlin Bishop, Privacy International’s project lead on work around low-cost technology.
“Skills in digital security and safety are lacking among some of the most at-risk groups in many African countries. Surveillance schemes by state and non-state actors leverage this skills and knowledge gap. It is important therefore that leading device manufacturers, such as TECNO, guarantee privacy and security by design in order to ensure the safety of users,” said Ashnah Kalemera, CIPESA’s Programme Manager.
A copy of the letter can be accessed here.