TECNO is a phone manufacturer with a 47 percent market share in East Africa, yet its popular low-cost TECNO Y2 model comes with an outdated operating model and pre-installed apps that are compromising millions of people’s data.
Privacy International’s new report, How one TECNO phone is putting users’ privacy and security at risk, explores the over 200 vulnerabilities in the Android device, calling out the manufacturer and Big Tech’s role in ensuring privacy and mitigating risks.
“Selling a product like TECNO Y2 that comes with such blatant and intentional vulnerabilities is unethical,” said Bridget Andere, Africa Policy Fellow at Access Now. “A lot of people can’t purchase expensive devices, but deserve privacy and security — TECNO and Google have a responsibility to everybody, regardless of economic status.”
Key findings include:
- Privacy International bought a TECNO Y2 in Uganda for testing and discovered serious concerns with the phone’s operating system and pre-installed apps;
- This TECNO phone comes with an extremely outdated operating system — Android 4.4.2, which was first released eight years ago; and
- The phone puts users at risk with over 200 security vulnerabilities, 19 of which received the highest possible score (10.0) on the Common Vulnerabilities and Exposures framework.
Furthermore, the phones often come with Google’s “Play Protect” branding, suggesting that this relationship with Google is a selling point.
Access Now joins Privacy International’s call for TECNO and Google to protect consumers, and supports their recommendations as follows:
- Ship phones with a supported version of the Android operating system;
- Support the longevity of devices to combat e-waste, and tell consumers, at the point of sale, how long their device will be supported, provide regular updates to the device, and notify users when continuing to use a device poses a risk to their privacy or security; and
- Minimize the amount of bloatware, superfluous apps, and other extras that come pre-installed on their phones.
- Only certify phones with versions of Android which still receive security updates — this may mean revisiting their phone certifications regularly; and
- Improve the transparency of the Play Protect certification.
Read the full report and open letter.