During our security research we found that smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution. This is possible because of proprietary Qualcomm software which provides hardware support also sends the data. Affected smart phones are Sony Xperia XA2 and likely the Fairphone and many more Android phones which use popular Qualcomm chips.
The smartphone is a device we entrust with practically all of our secrets. After all, this is the most ubiquitous device we carry with us 24 hours per day. Both Apple and Android with their App Store and Google Play Store are spying on its paying customers. As a private alternative some tech-savy people install a Google-free version of Android on their ordinary smartphone. As an example we analyzed such setup with a Sony Xperia XA2 and found that this may not protect sufficiently because proprietary vendor software, different from the (open source) operating system, sends private information to the chip maker Qualcomm. This finding also applies to other smartphone with a Qualcomm chip such as the Fairphone.
Hellbound and Down 