Chinese internet users should beware of using voice-controlled assistants such as Alexa, Google Home, and Siri in mainland China, particularly if such devices are made by Chinese companies, a Radio Free Asia technology show has warned.
"Once hackers gain control of your mobile phone or smart home assistant, they can do whatever they want, and you will only notice a dramatic increase in data traffic," Cantonese service technology journalist Lee Kin-kwan said in response to recent questions from listeners in the region.
Clues that someone else is using your device could include a sudden increase in power consumption or the device starting up suddenly and unexpectedly, Lee said.
"Chinese-branded products are even less advisable because there is an even greater chance that they could be connected to the police," Lee warned. "At that point, you could be opening yourself up to criminal liability."
Chinese users of Apple products need to be aware that the security of company's voice-controlled assistant Siri depends on where one's Apple ID was registered.
European Union-registered Apple IDs are governed by more stringent privacy laws than elsewhere, Lee said. "[They] can largely prevent Chinese authorities from accessing your data."
But Lee warned against authorizing any China-based companies to use Siri's features, and turning the feature off entirely while in China was the most secure option of all, he said.
Lee said recent data protection laws that came into effect in the E.U. last week can benefit Chinese users who use an E.U. IP address or mobile phone number when registering for online accounts in China.
Lee's warnings came as Facebook admitted to having data-sharing partnerships with at least four Chinese companies, including smartphone-maker Huawei, which has already been the subject of security concerns in the United States.
Facebook has said it had allowed Huawei, Lenovo, and smartphone manufacturers OPPO and TCL to access some user data, following a report by The New York Times on Sunday.
The companies may have been able to access data about users' friends on Facebook, under the agreement, regardless of what the users' privacy settings were, the paper said.
U.S. Senator Mark Warner said in a statement that the House of Representatives Intelligence Committee, of which he is vice chair, had raised concerns about Huawei dating back in 2012.
"The news that Facebook provided privileged access to Facebook’s [application program interface] to Chinese device makers like Huawei and TCL raises legitimate concerns, and I look forward to learning more about how Facebook ensured that information about their users was not sent to Chinese servers,” Warner said.
Facebook has since said it will end the agreements.
“Facebook along with many other U.S. tech companies have worked with them and other Chinese manufacturers to integrate their services onto these phones,” Francisco Varela, vice president of mobile partnerships for Facebook, said in a statement.
“Facebook’s integrations with Huawei, Lenovo, OPPO, and TCL were controlled from the get-go — and we approved the Facebook experiences these companies built," Varela said, adding that the information wasn't stored on Huawei's servers.
The Federal Trade Commission (FTC) confirmed in March that it was investigating Facebook’s privacy practices.
'Not good enough'
Chinese users said they expect to be told if their data is going to be shared with other companies, especially those subject to controls by the ruling Chinese Communist Party.
"I think if they are going to share data, there should be a window that pops up beforehand to let you know and [tell you] what they are doing," Beijing social media user Lao Hui told RFA. "Maybe it's not against the law, but morally speaking, it's not good enough."
A Shanghai-based social media user surnamed Ma said she suspects Facebook's motives in sharing user data.
"I think that any foreign company that does business in, or has ties to, China is going to put their company's business interests first," Ma said. "They want to have it both ways, in terms of their own interests, and user satisfaction."
"But I don't actually think that's possible," Ma said.
Sang Young, an information security expert at the Hong Kong Internet Society, said Facebook's actions fell into a "gray area."
"User data generally falls into two categories — personal details and sensitive information," Young said. "Information such as their employment history and education don't exactly qualify as personal details, but they are still sensitive, and fall into a gray area."
"Maybe not all users want that information to be shared, and maybe they didn't think Facebook would do this," he said.
Reported by Lee Kin-kwan for RFA's Cantonese Service, and by Gao Feng for the Mandarin Service. Translated and edited by Luisetta Mudie.