
Not that Huawei is the only one, and surely some other brands are even worse, but still Huawei phones are full of spyware. Just open NetGuard, or see another example here: https://mobile.twitter.com/fs0c131y/status/10515681807480135...

But once again surely other brands, Western companies included, are also spying, but it doesn't change the fact that Huawei does it too.



I see people say this a lot, but I'm using an Honor 10 and have spent a bit of time this week alternately MITM proxying connections from the phone and capturing DNS at the router.

I found very infrequent calls to HiCloud (Huawei's cloud service), almost always using a HiCloud-enabled app where it would make perfect sense to communicate with the service.

On the other hand, I've seen third-party apps (none of which were pre-installed) almost constantly firing requests to analytics and ad services. Microsoft Edge was the worst culprit - virtually every action I took (opening menus, tabs, etc.) triggered a request to vortex.data.microsoft.com. Spotify calls Scorecard Research in the background often, even if it appears not to be running. Google calls the connectivity check service very frequently (even when network conditions aren't changing). The BBC iPlayer apps (when ostensibly not running) refresh channel and config data frequently in the background.

I see a lot of rhetoric calling out Huawei phones for being spyware-ridden trash, but honestly my own research this week suggests that the privacy controls on the phone work well and that third-party apps are more of a privacy threat.
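
The kind of per-destination tally the comment above describes, as an added example that is not part of the original comment or thread: it counts DNS queries from one device in a dnsmasq query log and groups them by category. The log lines, the phone's IP address and the suffix-to-category map (including the hicloud.com, scorecardresearch.com and connectivitycheck.gstatic.com names) are assumptions constructed for illustration; only vortex.data.microsoft.com is named in the thread.

```python
import re
from collections import Counter

# Constructed sample in dnsmasq "log-queries" format; 192.168.1.50 is the phone (assumed).
SAMPLE_LOG = """\
Oct 20 10:00:01 dnsmasq[412]: query[A] vortex.data.microsoft.com from 192.168.1.50
Oct 20 10:00:03 dnsmasq[412]: query[A] vortex.data.microsoft.com from 192.168.1.50
Oct 20 10:00:04 dnsmasq[412]: reply vortex.data.microsoft.com is 203.0.113.10
Oct 20 10:00:09 dnsmasq[412]: query[AAAA] connectivitycheck.gstatic.com from 192.168.1.50
Oct 20 10:01:15 dnsmasq[412]: query[A] sb.scorecardresearch.com from 192.168.1.50
Oct 20 10:02:30 dnsmasq[412]: query[A] query.hicloud.com from 192.168.1.50
Oct 20 10:02:31 dnsmasq[412]: query[A] example.org from 192.168.1.77
Oct 20 10:03:00 dnsmasq[412]: query[A] vortex.data.microsoft.com from 192.168.1.50
"""

# Suffix -> label. Assumed mapping for illustration; extend it from your own capture.
CATEGORIES = {
    "hicloud.com": "vendor cloud",
    "data.microsoft.com": "third-party telemetry",
    "scorecardresearch.com": "third-party analytics",
    "connectivitycheck.gstatic.com": "connectivity check",
}

QUERY_RE = re.compile(r"query\[(?P<type>\w+)\] (?P<name>\S+) from (?P<client>\S+)$")

def categorize(name):
    """Label a hostname by its longest matching suffix, on a label boundary."""
    name = name.lower().rstrip(".")
    for suffix in sorted(CATEGORIES, key=len, reverse=True):
        if name == suffix or name.endswith("." + suffix):
            return CATEGORIES[suffix]
    return "uncategorized"

def summarize(log_text, client_ip):
    """Count queries per hostname and per category for a single client."""
    per_host, per_cat = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["client"] != client_ip:
            continue  # skip replies and queries from other devices
        host = m["name"].lower().rstrip(".")
        per_host[host] += 1
        per_cat[categorize(host)] += 1
    return per_host, per_cat

if __name__ == "__main__":
    hosts, cats = summarize(SAMPLE_LOG, "192.168.1.50")
    for host, n in hosts.most_common():
        print(f"{n:4d}  {host}  [{categorize(host)}]")
    print(dict(cats))
```

DNS counts show only which names were looked up and how often, not what was sent; payload inspection needs the proxy capture the comment also mentions.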


"Seeing HiCloud request while having HiCloud app enabled" -> and so ... ? The question is "if I refuse all their services, do they still collect my data". No surprise your phone makes requests if you are using their services.

"Third Party apps are not privacy respecting and sending data to Google" -> yes, nothing new. We're not talking about the spyware you can install from the Play Store yourself (you have a lot of choice there too indeed); we're talking about pre-installed apps.


As far as I can tell, the concern with Huawei is not that their phones have some kind of obvious backdoor, but that the Chinese government has Huawei's private keys and can load arbitrary software on their phones, something the Chinese government uses sparingly to attack targets they don't like. And not just phones, their switches, routers, base stations, and other gear - in that case used to eavesdrop on cellular voice traffic around the world.

Even if Huawei didn't do this willingly the Chinese government doesn't operate by open rule of law. If the Party decides they will comply then they will comply. No news outlet will report on it. Social media will be censored. None of us in the west will ever know. There is no court to appeal to because the courts are under the thumb of the Party. Huawei is required to hire Party members as employees - Huawei leadership might not even be aware of it for plausible deniability reasons.

This is the direct result of the State apparatus that the Party in China has built for itself. They can cry all the rivers they want about Huawei; it's their own fault. Even if nothing nefarious is going on the suspicion alone has a huge impact.

To address the whataboutism: The whole issue around NSA revelations is entirely because that sort of thing isn't supposed to be possible in the USA (and nominally wrt NSA is only supposed to be valid when it involves foreign individuals). Individuals and companies regularly challenge government over-reach so there are at least some checks and balances, even if they aren't as strong as we'd like. Apple can choose to fight a court order. Trump's executive orders can be blocked.

Now imagine a new story claiming someone sued to block Xi Jinping's executive order in China. Such a scenario is absolutely laughable.

There is a difference between China and the West. To pretend they're the same is to pretend a bicycle is identical to a semi. They're both methods of transportation with wheels that carry cargo but there is a wide gulf in practice.

edit: As for the Supermicro story, who knows. The attack is certainly theoretically possible. Whether such an attack took place is another matter and so far no one has provided a tampered board as evidence.

The only way to be reasonably sure it isn't happening is to sample the final product, tearing down every individual component to verify everything (down to the traces on boards and gates on chips). That's a lot of work, expensive, and time-consuming. Most manufacturers probably don't bother. That applies regardless of where the product is assembled unless your own factories are producing every single component.


Don't worry, no one will ever notice that or they just don't care, but anything from China is evil. I'm not Chinese but I feel poor for them.


I worked for several US-based handset manufacturers as a consultant. It's common to have the handset mfgr host features on its own cloud such that the phone is entirely dependent on it to function: the cloud goes away, large swaths of phone functionality break. It sucks but it's true.


Isn't the given example of a phone for the Chinese market?

From the thread there:

“this will only happen with phones that are meant to stay in China, and also using software made for the Chinese market. if your phone is shipped outside of China or has google play services, they're fine”

“It's only Chinese roms that don't have Google play store. This has been known for a while and honestly this whole ep 2 shit is nothing new.”


Can't open the link because of rate limiting - HN effect?

Anyway, is any phone-home spying? What if it phones US servers, say Google's? Unfortunately I can't think of a popular brand that doesn't spy on its users (no matter what the reasons are).


It's not just a phone-home. It's sending your entire browsing history (unencrypted!): every web request you make gets sent back to servers in China.


I am having a very hard time believing this statement is in any way true. If you have a link to details, now is the time to provide it.


Check the Twitter link posted elsewhere in this thread of a security researcher finding exactly that.


That's interesting. Links please?


That's not entirely true. While ISPs do get a copy of your plaintext data if it's not end-to-end encrypted (and likely sell it off), BGP routes would likely need to be hijacked or somehow compromised while the data was in transit for a Chinese server to get a copy of that data.


Twitter's mobile site does that all the time, just refresh and it'll work.


Please notice that there are also requests to suspicious Western sites like Google, which were caught collecting data before.

I have examined network traffic from my Chinese no-name phone, and it also sends data to Chinese servers and to Google.

Also when you visit most websites, there will be a request to Google's data collector service.



