A top Chinese TV maker that’s made inroads into the North American market admits that its TVs have been spying on users, or at least users in China.
Skyworth, which made a big splash at CES 2020 in Las Vegas and sells at least six TV models in the U.S., said in a statement posted online last week that a third-party application called Gozen Service on its Android TVs had been collecting more data than it was supposed to.
According to an unnamed Skyworth TV owner who posted about it on a Chinese software-development forum, the Gozen Service app is developed by a company called Gozen Data. The app collects data about all of the internet-connected gadgets on the home wireless network, as well as the names of nearby Wi-Fi networks, and sends to a Gozen-run web server.
“In other words,” the poster said, according to Google Translate, the Gozen Service app gathers information about “what smart devices do you have at home, whether your mobile phone is at home, who is connected to the internet at home, what is the name of the neighbor’s Wi-Fi, and you [the Gozen Service] can collect and upload it at any time.”
All that information could in theory be used to geolocate the TV set and track the movements of residents’ mobile devices, both physically and online.
“This thing scans my family’s connected devices every 10 minutes, and sends back the hostname, MAC, IP and even the network delay time,” the posting user added. “It also detects the surrounding Wi-Fi SSID names. The MAC address is also packaged and sent to the domain name of gz-data.com.”
How, asked the poster, is this “not a spy service???”
Spying app may be limited to China
The South China Morning Post, which earlier reported this story, tried to reach out to the original forum poster but did not receive a reply. Skyworth said that its TVs sold in Hong Kong, where the South China Morning Post is based, never had the Gozen Data app pre-installed.
It’s not clear whether Skyworth TVs sold outside China have the Gozen Data app installed, or any other kind of third-party data-collection app. Tom’s Guide has reached out to Skyworth USA for comment, and we will update this story when we receive a reply.
In its statement, Skyworth said it had “terminated the partnership” with Gozen Data, which “was limited to the surveying of domestic TV program ratings in Mainland China on a sampling basis. The violations beyond this scope were not approved nor authorized by SKYWORTH TV.”
However, Chinese public financial records uncovered by Pandaily.com showed that Skyworth is a major investor in Gozen Data. Pandaily.com said Gozen Data also had partnerships with Philips, Sanyo, TCL and Toshiba, although we were not able to find any reference to those companies in the public records Pandaily.com linked to.
The South China Morning Post said Skyworth is the third-largest TV maker in China, after Xiaomi and HiSense, and the fifth-largest TV maker worldwide.
You can buy two Android-powered Skyworth TVs on the U.S. version of Amazon, as well as a cheaper Skyworth TV that doesn’t seem to have any “smart” features. The Skyworth USA website lists at least three more Android TVs.
Sick Codes, a hacker based in Southeast Asia who last fall showed what appeared to be spying activity in TCL TVs, put us in touch with Gsmaster, a North African phone hacker who owns more than one Skyworth TV.
Sick Codes and Gsmaster scanned a Skyworth TV’s internet connections and showed us an Nmap screengrab that indicated at least nine open ports that were being used for purposes unknown. It’s not clear if Gsmaster’s Skyworth TV was running the Gozen Data app, which Skyworth said is supposed to be only for the Chinese domestic market.
Running afoul of Chinese authorities
This kind of data collection nevertheless runs counter to new user-privacy regulations that are being rolled out in stages in China this year.
According to the South China Morning Post, the regulations mandate that users can decline data collection that is not necessary for an app or device to function. Pandaily said the regulations also stipulate that manufacturers and service providers notify users about any kind of personal data collection.
Pandaily speculated that even though Skyworth threw Gozen Data under the bus, the TV maker might still be required to notify users and authorities of the extent and scope of the personal data that was sent to third parties.
“Moving forward,” said the Skyworth official statement, ” we will implement more stringent reviews on the conduct of our partners and service providers to safeguard our users’ privacy, data, rights, and interests.”