
African Mobile Phones Face Unique Cybersecurity Risks

Chinese brands make Africa’s most accessible phones, but they operate at a lower security and cybersecurity standard.

Pictures: Allyn Gaestel

In early 2018, Oludare Jacobs, then a kid straight out of secondary school, was exploring his options for mobile phones. He needed a phone that was rugged, functional, and most importantly, cost-effective. “Cost-effective, not cheap, because 60,000 Naira ($137) was still a lot of money back then,” said Jacobs.

Jacobs settled for a Tecno K7. It had a dual sim, a good battery capacity, and a fingerprint sensor, which qualified it as quite high-end in 2018 when phones with fingerprint sensors were just blowing up in Nigeria. It was also a good price, compared to models of Samsung or iPhone which had the same fingerprint feature, and as Jacobs put it, “had the same street reverence.”

For the first four months, Jacobs enjoyed the Tecno K7, but soon it began acting up. “The phone was quite susceptible to viruses and I kept flashing and factory resetting,” said Jacobs. The phone was susceptible to malware and the ecosystem had little regard for user privacy. Each time Jacobs reset the phone, he’d spend the next few days disabling ads and pop-ups, deleting bloatware, and uninstalling unneeded applications from the phone. He would enjoy using the phone for a few weeks, then the viruses would come again, he’d reset the phone again and repeat the cycle.

After a year, he knew he needed to change his phone, but he could not afford to. In Africa, a specific class of Chinese phone brands like Tecno offer functional phones for cheap but fall short in privacy and cybersecurity standards.

AFFORDABLE LUXURY

Jacobs is far from the only one facing these issues. Kazeem Omobolanle’s first smartphone was an Itel her parents bought for her because it was affordable. When she changed the phone to a Samsung several months later, Omobolanle experienced culture shock. Her new Samsung, she said, felt more “like her phone,” and less like she was “renting it from Itel and they needed the unsolicited ads to remind her of that.” She felt more in control of her phone.

Tecno, Itel, and a third brand, Infinix, are all owned by the same parent company, Transsion. These brands gained popularity in Africa in the 2010s due to their cheap price and dual-sim feature phones. They also had a reputation for being loud and having lasting batteries. These features were key for the African digital market – affordability is key due to inflation and the weakness of African currencies in the global market. Dual-sim phones are important as many users have multiple SIM cards to deal with discrepancies and inconsistencies in the network. Long battery life is key for people who live with unstable power supplies, and the volume is attractive as it allowed the phones to multitask as efficient sound players and be heard over the noise typical in African cities.

Consequently, they were among the earliest smartphones to be widely adopted in Africa. And, they still are among the continent’s most used brands. In 2021, Transsion held 47.9% of the entire African smartphone market. By March 2022, according to Statista, Tecno still owned 28.43% of the entire mobile market in Nigeria, followed by Infinix with 23.72% market share. Itel, the third of the Transsion brands, owned 5.82%. Together, Transsion controls more than 50% of the mobile market in Nigeria. Even as Africa’s demand for 5G grows, Chinese brands remain at the frontline of providing 5G-enabled phones and infrastructure.

In African countries, basic models of brands like Samsung or the iPhone are high-end luxuries to the lower and middle class. Chinese makers like the Transsion trio, Redmi, Poco, and Oppo serve the population with cheaper phones, but in return, consumers mostly have to trade off some level of control, privacy, and security.

CYBERSECURITY SHORTFALLS

These lapses can have serious consequences. In 2020, Upstream, an anti-fraud firm, found pre-installed malware in 53,000 Tecno phones sold across Ethiopia, Cameroon, Ghana, Egypt, and South Africa. Transsion said the malware was installed by distributors in the supply chain without their knowledge. The pre-installed malware could subscribe phone owners to services without their permission.

In 2021, Privacy International tested a Tecno phone and reported serious security problems with the outdated OS. The Tecno Y2 that was tested, according to Privacy International, ran an OS that had more than 200 reported vulnerabilities, among which 19 were rated 10 out of 10 in the Common Vulnerabilities and Exposure Framework.


Both Jacobs’ Tecno K7 and Omobolanle’s Itel contracted malware that left the phones slow, hanging, and annoying to use. Many times, both owners had to reset the phones to factory mode to wipe the malware off.

These phones also aggressively force ads, pop-ups, and unwanted apps on their users, which can often be hard or impossible to turn off, especially for a population with relatively low tech literacy. The entire ecosystem creates a form of helplessness for users, who feel out of control and out of sync with their phones.

In early 2020, Jacobs finally switched to a second-hand Samsung, describing the experience as no-stress and “empowering.” Later, he switched to an iPhone for the “street cred.”

“Chinese [mobile] devices are much more vulnerable than their western counterparts,” said Ayoola Olaitan, a Nigerian mobile cybersecurity analyst. “They also have more bloatware,” he said, referring to unwanted apps and programs that weigh the phones down and provide room for malware and malfunctions to creep in.

TECHNOLOGICAL PHILOSOPHIES

For Olaitan, who has worked across numerous security positions, including as a bug bounty hunter – where he was hired to ethically hack devices to find vulnerabilities – Chinese phones have a particularly low standard of security. Once, he said he found the entire source code of a Tecno flagship device lying unsecured on their website, accessible to anyone. Chinese phone brands are also late to send security updates and vulnerability patches to their users. Mostly, they do not even have a clear communication structure for vulnerabilities and security issues, both to their users and to bug bounty hunters looking to report vulnerabilities to them.

The overall behavior, according to Nate Allen, an associate professor at Africa Center for Strategic Studies, is rooted in the influence of the Chinese state on tech originating from the country. “Tech isn’t characteristically neutral, and not independent. Technology inherits the behavior of its origin or creator,” said Allen. “A major problem with visual-recognition AI, for example, is that they’re racist and do not recognize people of color, and we know that’s connected to the character and diversity of the creators of those AI models.”

This phenomenon, according to Allen, explains why tech originating from China can sometimes be dubious in its philosophy. “These brands are less likely to pay attention to security and privacy because, in China, tech is built in a way that enables state surveillance and profit,” said Allen. “These phones are designed to serve the state and less about the individual, unlike brands like Samsung or Apple who have, or at least tout, a more private, anti-government or surveillance ecosystem.”

The security and privacy lapses provide leeway for state surveillance as much as they do for independent bad actors looking to utilize the vulnerabilities for profit – sometimes it’s the phone brands themselves doing so. The absence of strong security measures, policies, and active regulatory bodies in most African countries also allows brands to get away with such behaviors.

“It’s more of a behavioral problem than a technical one. Most of these brands just need to pay more attention to security and privacy,” Olaitan said. “It’s not like they need some special tech to do that, though it could raise the prices a bit.” Until then, African users who cannot afford other phone brands stay vulnerable to uneven cybersecurity risks.

Olatunji Olaigbe is a Nigerian freelance journalist. He’s a winner of the 2021 IOM West and Central Africa Migration Journalism Awards.

Olatunji Olaigbe

Columnist
