Brussels sprouts yet another 'transparency' centre: This time the honour is all ZTE's

Re: ZTE makes cheap phones...

While one does occasionally encounter assertions about these products reminiscent of the "Good Times virus" of the 1990s, there is really nothing magical about software being used for either large-scale or targeted state surveillance. The capabilities required for such functionality are already common and in widespread use in malware. A quick read through descriptions of common malware found in the wild is all that will be required to understand how easy it is for software to monitor and report behaviour to a central authority, enable remote control of devices, receive upgraded capabilities remotely, hide its activities from the legitimate owner of the device, and do all of these things in a manner that is resilient in face of typical firewalls and service provider shutdowns. This is not magic, it is the everyday world of malware authors and their criminal clientele.

It is unreasonable to imagine that the legitimate software or firmware vendor cannot do at the factory what criminals do remotely via exploits every day. Whether a specific vendor is incorporating, or has incorporated, this type of functionality at the behest of a state is a separate matter, but the widespread posts one encounters insisting that it's impossible and deriding it as "magic" are factually inaccurate. They also lend credibility to the belief that such activity is occurring, and that the guilty vendors' and governments' apologists are the ones spreading this misinformation.