Ren Zhengfei told the world no Chinese law forces companies to install backdoors. He's technically correct — the law doesn't use the word "backdoor." It uses "support, assist, and cooperate with national intelligence efforts." NYU professor Jerome Cohen: "There is no way Huawei can resist any order from Beijing. The Party is embedded in Huawei and controls it." The law Ren says doesn't exist compels something potentially much broader than a backdoor. Huawei says it never conceals backdoors. The UK government spent nine years trying to verify Huawei's code and concluded it was "impossible to provide end-to-end assurance." Vodafone found backdoors in Huawei routers in Italy. They asked Huawei to remove them. Huawei agreed, hid them instead, then refused to take them out — calling it a "manufacturing requirement." A security professor confirmed: removed on complaint, then added back differently. That's not a bug. That's concealment.
What they claim: Huawei response to Uyghur surveillance report: "Huawei only supplies general-purpose products."
What we found: In 2018, Huawei worked with Megvii to test an AI camera system detecting Uyghur faces in crowds, triggering a "Uyghur alarm" for police. A confidential document was hosted on Huawei's own European website — deleted only after IPVM contacted them. Huawei filed a patent (July 2018) with Chinese Academy of Sciences listing "race (Han, Uyghur)" as pedestrian attribute. World Uyghur Congress filed criminal charges in France for genocide, human trafficking, aggravated servitude. Antoine Griezmann terminated his sponsorship. Up to 2 million Uyghurs detained in camps.
What they claim: Huawei positions HarmonyOS as a "secure, open ecosystem" and trustworthy alternative to Android/iOS.
What we found: US Representatives Moolenaar and Krishnamoorthi (House Select Committee on CCP) warned HarmonyOS could "facilitate digital authoritarianism" — each update potentially containing "hidden backdoors or vulnerabilities deliberately designed for surveillance." Huawei expanding HarmonyOS to cars (Toyota, BMW partnerships) and PCs. Nikkei Asia: US concern China could use the OS for spying "instead of relying on chips." No Western government has certified HarmonyOS as safe.
What they claim: Huawei regarding Uyghur facial recognition: "This is simply a test and it has not seen real-world application."
What we found: Huawei filed a patent (July 2018) with Chinese Academy of Sciences listing "race (Han, Uyghur)" as pedestrian identification attribute. Patents are filed for commercial implementation, not testing. IPVM documented Uyghur analytics deployed across PRC police networks — a dozen police departments confirmed using the technology. Up to 2 million Uyghurs detained in camps. World Uyghur Congress filed criminal charges in France for genocide.
What they claim: Huawei marketing: "HarmonyOS provides comprehensive security and privacy architecture." HongMeng kernel CC EAL 6+ certified.
What we found: HarmonyOS NEXT's HongMeng kernel is fully closed source. Security researchers at Promon cannot access the kernel binary — device blocks extraction. DevEco Studio requires mainland China residency and Chinese national ID card. OpenHarmony (open source) is NOT the same as HarmonyOS NEXT. HMS Core data collection is now bundled directly into the OS. US House Select Committee on CCP called for government to "fully examine HarmonyOS's architecture." No independent Western security audit exists as of 2026.
What they claim: Huawei repeatedly asserts it is "an independent private company" with no state control.
What we found: Founder Ren Zhengfei served in PLA 1974-1983. Told General Secretary Jiang Zemin in 1994 that "switching equipment technology was related to national security." Built the PLA's first national telecom network. Communist Party member, studied Mao Zedong's writings, received awards for Maoist theory. Management philosophy is "commercial applications of Maoism." Daughter/CFO Meng Wanzhou arrested for fraud to evade Iran sanctions. NYU professor Cohen: "The Party is embedded in Huawei and controls it." Ownership structure described by researchers as opaque.
What they claim: Huawei Privacy Statement: "Privacy is a basic right of yours, you should have complete control over your privacy."
What we found: HMS Core's Awareness Kit collects: time, location, behavior, audio device status, ambient light, weather, nearby beacons. Analytics Kit is a "one-stop user behavior analysis platform" across apps, web, and mini-programs. Ads Kit uses OAID for personalized ads. Dynamic Tag Manager reports to third-party analytics. All bundled directly into HarmonyOS NEXT — not optional. Privacy policy: "Huawei may disclose your personal data to law enforcement or government agencies." Under China's legal framework, these requests cannot be refused.
What they claim: Huawei Cloud Privacy Statement: "We are committed to keeping your personal data confidential."
What we found: Huawei's own policy: data collected in China "will be stored in China." For EEA-to-China transfers, acknowledges "differences in legal frameworks, including laws relating to national security and government access." Reserves "right to question" government requests but must comply with "binding" ones. Under National Intelligence Law, Counter-Espionage Law, Data Security Law, and PIPL — all government data requests are binding. No independent judicial review mechanism.
What they claim: Huawei's position: "Meng Wanzhou's arrest was politically motivated."
What we found: 13-count indictment: bank fraud, wire fraud, conspiracy — Meng lied to HSBC about Huawei's Iran subsidiary Skycom to evade sanctions. In deferred prosecution agreement (September 2021), Meng conceded she misrepresented the Huawei-Skycom relationship. China detained two Canadians — Michael Kovrig and Michael Spavor — within days of Meng's arrest. Both held 1,019 days. Spavor sentenced to 11 years on charges widely seen as fabricated. Both released the exact day Meng's case resolved.
What they claim: Ren Zhengfei (2019): "No law requires any company in China to install mandatory back doors."
What we found: China's National Intelligence Law Article 7 (2017): "All organizations and citizens shall support, assist, and cooperate with national intelligence efforts." Article 14 grants intelligence agencies authority to "demand" cooperation. US DHS: law "compels all PRC firms to support, assist, and cooperate with PRC intelligence services." NYU law professor Jerome Cohen: "There is no way Huawei can resist any order from the Government or the Chinese Communist Party. The Party is embedded in Huawei and controls it."
What they claim: Huawei spokesperson: "There is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment."
What we found: UK HCSEC 2019: build environments "could not uniquely produce the binary deployed in UK networks" — "impossible to provide end-to-end assurance." Vodafone Italy (2009-2012): discovered backdoors in Huawei routers — 26 vulnerabilities, 6 critical. CISO Bryan Littlefair: "What is of most concern is that Huawei agreed to remove the code, then tried to hide it, and now refuses to remove it." Professor Stefano Zanero confirmed: "undocumented telnet service with hardcoded credentials, removed upon complaints and then added again in a different way."
What they claim: Huawei Trust Center: "Cyber security and privacy protection are Huawei's top priorities."
What we found: UK HCSEC (2010-2019): Nine years of auditing found persistent engineering failures. 2019 report: Huawei promised $2 billion to fix software engineering but "had not supported this claim with any material and verifiable actions." Build process so broken HCSEC couldn't verify deployed software matched source code. Identified vulnerabilities that could "affect the operation of the network" or allow "access to user traffic." UK ultimately decided to remove Huawei entirely.
What they claim: Vodafone regarding Huawei backdoors in Italy: "We have no evidence of any unauthorised access."
What we found: Vodafone discovered telnet backdoors with hardcoded credentials in Huawei routers, optical service nodes, and broadband gateways (2009-2012). Internal audit: 26 vulnerabilities — 6 critical, 9 major. Professor Zanero confirmed: "undocumented telnet service with hardcoded credentials, removed upon complaints and then added again in a different way." Vodafone CISO Littlefair: Huawei "agreed to remove the code, then tried to hide it, and now refuses to remove it."
What they claim: Ren Zhengfei: "We would rather shut Huawei down than do anything that would damage the interests of our customers."
What we found: All Five Eyes nations — US, UK, Australia, New Zealand, Canada — independently banned Huawei from telecom networks on national security grounds. UK ordered all Huawei 5G equipment removed by 2027. Canada: 5G by June 2024, 4G by 2027. A 2026 academic study confirmed these were independent decisions — each intelligence agency reached the same conclusion through its own assessment. US lawmakers warned HarmonyOS could "facilitate digital authoritarianism."