TechSpot

Some budget Android phones are secretly sending user data to servers in China

By Jos
Nov 15, 2016
Post New Reply
  1. Update: ZTE USA has responded with an official statement. “We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”

    Update 2: Here's Huawei's official reponse. "Huawei takes our customers' privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them."

    A newly-discovered piece of software running in an unknown number of budget Android phones is reportedly sending user location data, text messages, and call logs to a server in China every 72 hours. First discovered by Security firm Kryptowire and reported by the New York Times, the backdoor is said to be there intentionally and not due to a security flaw, though at this point it’s unclear if the data is being collected for advertising purposes or if it is and actual governmental effort at surveillance.

    The software was developed by a Chinese company called Shanghai Adups Technology Company, which claims to have software running on more than 700 million, mostly low-end devices Android devices. Among its customers are Chinese giants like Huawei and ZTE, and at least US Android manufacturer, BLU Products, has confirmed that 120,000 of its phones are affected and it’s taken steps to remove it.

    Kryptowire noted that the software and its behavior managed to bypass mobile anti-virus protection because it ships with the device and is not assumed to be malware. A security researcher for the company stumbled upon the issue after buying an inexpensive BLU R1 HD phone for an overseas trip and noticing “unusual network activity” during the phone’s setup process.

    The software was allegedly written and used with the intent of assisting with customer support for an unnamed Adups client. A representative from the Chinese software company characterized the inclusion of this backdoor in other phones as “a mistake” and denied any government involvement.

    Google for its part has requested Adups to remove the surveillance software from any phones that run services like the Google Play store. Adups has not published a list of affected phones, however, so it is not clear how users can determine whether their phones are vulnerable.

    Permalink to story.

     
  2. Uncle Al

    Uncle Al TS Evangelist Posts: 1,682   +787

    And if NSA is on top of their game, they are using them to the hilt to send all sorts of misinformation as well .... thus is the world of counter-intelligence .....
     
  3. Kotters

    Kotters TS Enthusiast Posts: 46   +27

    I am now dumber for having read this post.
     
    Reehahs likes this.
  4. mizkitty

    mizkitty TS Enthusiast Posts: 38   +7

    Apparently some Android phones also send data back to Google...
     
  5. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,558   +2,900

    "Some budget Android phones are secretly sending user data to servers in China"
    Would that be the Chinese knock-off phones? You know the clones that are sold for little to nothing!
    So you didn't understand the comment and now feel dumber for it?
     
    captainload, Reehahs and SirChocula like this.
  6. Kotters

    Kotters TS Enthusiast Posts: 46   +27

     
  7. Jack007

    Jack007 TS Booster Posts: 161   +34

    This is seriously harmful to americans. damn you guys are in real big trouble. china knows every move you guys make
     
  8. Jibberish18

    Jibberish18 TS Guru Posts: 531   +38

    China now knows what you all are fapping too. =O
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...