Thailand’s Personal Data Protection Commission (PDPC) has started investigating a listing on the dark web advertising the sale of 22 million sets of personal data. The data, allegedly obtained from OPPO smartphones, was being offered for $20,000 (about 680,000 baht).
Pol Col Surapong Plengkham, who oversees inspection and supervision at the PDPC, informed Thai PBS that the ad was discovered recently. It was posted anonymously under “SSL Dragon” on December 17 last year.
OPPO Thailand, the official distributor for OPPO and Realme smartphones, has been notified of the breach and instructed to respond to the PDPC within 72 hours. Surapong stated that the company is responsible for compensating affected users if they can prove their personal information was stolen or sold.
Meanwhile, Suwannee Jatsadasak, assistant governor of the Financial Institution Supervision Group at the Bank of Thailand, noted that the rise in small loans has pushed people toward smartphone apps. She explained that the central bank has created systems allowing users to share personal data with trusted parties to help assess their financial readiness for loans. Financial institutions can use this information to approve loans.
Suwannee also mentioned that other agencies are trying to shut down illegal apps. Additionally, the Thai Bankers Association has pledged to enhance the security of financial transactions.
Chinese Smartphones Loaded with Spyware
According to Gizmodo, China is the largest smartphone market globally, with over 70% of devices running on Android. Research from the University of Edinburgh and Trinity College Dublin revealed that smartphones sold in China by brands like OnePlus, Xiaomi, and OPPO Realme collect and share significant amounts of user data without consent.
These devices come loaded with numerous pre-installed apps that are granted extensive permissions by default. This setup enables collecting sensitive data, such as device identifiers (IMEI and MAC addresses), GPS location, user activity like app usage, and even social information like call logs, SMS history, and contact lists.
The study assumed users were privacy-conscious, opting out of analytics and avoiding cloud services or third-party offerings. Despite this, the devices reportedly transmit unique user information, with no option for users to stop the data sharing or receive notifications about it.
The collected data, which can be linked back to individuals, is shared with device manufacturers, Chinese network providers (even without an inserted SIM card), and services such as Baidu.
The researchers focused on devices sold in China running localized Android versions. While this behaviour is specific to those versions, international users aren’t affected. However, travellers and students who purchase these phones in China should be cautious, as the data-sharing practices persist outside the country.
Chinese Android versions also include more pre-installed third-party apps than their international counterparts. These apps are granted far more permissions, further raising privacy concerns.
Related News:
Thailand’s Education Ministry Seeks to Ban Smartphones in Schools
Geoff Thomas is an award winning journalist known for his sharp insights and no-nonsense reporting style. Over the years he has worked for Reuters and the Canadian Press covering everything from political scandals to human interest stories. He brings a clear and direct approach to his work.
