Shortly after the^( about the batch of ^( devices sending private user data to a Chinese server, HMD Global responded with an official statement.
The statement says that the company made a mistake regarding user activation for another country. The wrong software package has been installed on the batch of Nokia 7 Plus handsets.
We can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed and no person could have been identified based on this data. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it.
Collecting one-time device activation data when the phone is taken first time into use is an industry practice and allows manufacturers to activate phone warranty. HMD Global takes the security and privacy of its consumers seriously.
However, the company insists that no sensitive user data was sent to the Chinese server. It has fixed the issue with the said devices by in February 2019 by switching the client to the right country. But although all affected devices got the fix, a small portion of the users haven’t installed it.