"How one TECNO phone is putting users' privacy and security at risk", 10 August 2021.

Privacy International bought a TECNO smartphone, and we discovered serious concerns with the phone’s operating system and pre-installed apps.

KEY FINDINGS

• Privacy International bought a TECNO Y2 in Uganda for testing and discovered serious concerns with the phone’s operating system and pre-installed apps.
• Our report shows that this TECNO phone in comes with an extremely outdated operating system. The phone’s operating system is Android 4.4.2, which was first released 8 years ago!
• The phone puts users at risk with a number of security vulnerabilities that have been discovered in Android 4.4.2...

We asked TECNO if they release information or a list of devices that they have stopped supporting, but as of time of writing they have not responded...

Google’s role in this is also important... Despite these vulnerabilities, TECNO is an Android certified partner company - and the TECNO Y2 phone is ‘Play Protect Certified’...

We asked Google for they response to this research and they said that they don’t disclose security tests, to avoid giving bad actors information... However, what is of primary concern to PI is not the specific checks, but how phones like the TECNO Y2 slip through... Google told PI that the security review is done at a specific moment in time, and that it can’t include vulnerabilities that haven’t been discovered yet...