EditorialsGadgetsPeripherals

Report: Budget Smartphones are Sending Users’ Personal Data to Chinese Servers

unbox-275-chinese-adups-feat

According to a New York Times report, certain budget smartphones in the US have been found to be secretly sending users’ personal data to a third-party company in China. The discovery was made by security firm Kryptowire, a Homeland Security contractor who analyzed phones outside of their contract.

The culprit, according to the security firm, was pre-installed software in Android phones. The software transmitted sensitive data such as full-text messages, call logs, contacts, app usage data and even the user’s GPS location. The data was sent to third-party Chinese servers.

“This isn’t a vulnerability, it’s a feature,” Kryptowire VP of Product Tom Karygiannis told The Verge. Kryptowire made its findings public on Tuesday, informing the US government through a detailed report.

unbox-275-chinese-adups-2

The software was written by Chinese firm Shanghai Adups Technology Company. The company claims to have software running on more than 700 million phones, mostly of the budget variety. Adups has also partnered with globally-known device manufacturers like Huawei and ZTE.

As of Kryptowire’s report, at least one manufacturer, Florida-based BLU Products has been affected by the spyware, with around 120 thousand phones in circulation running the software.

unbox-275-chinese-adups-1

“BLU Products has identified and has quickly removed a recent security issue caused by a third party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices,” the company said in a statement.

Adups told the New York Times that the software was “not meant for US phones.” The functionality, according to the software company, was “built at the request of an unidentified Chinese client who intended it to be used to combat spam text messages and for customer support.”

Here’s the technical jargon from Kryptowire detailing their findings:

These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.

Kryptowire is expecting more manufacturers to be affected by the particular issue. As of the moment, a full list of afflicted devices is not yet available.

Source: New York Times, The Verge

Related Articles

8 Comments

  1. I had long suspected that something is going on with my Lenovo A5000. Everytime I turn ON my mobile data connection, GPS turn itself ON. Even if I turn it Off, after sometime, it will turn itself ON again. Nakakainis lang. While this is not the case when I turn ON my wifi.

  2. sakin naman dito sa CM Revel 3G saka sa SM Engage 7+ same name ng App. Kada uninstall ko sa kanya kusa syang babalik (hindi naman agad agad, minsan araw lang, minsan linggo). kapag off yung wifi automatic nag-oon yung data ko. basta kakaiba kase twice na nangyari saken. same app pa. “Phone” yung name ng App. yung icon nya parang yung default Phone App pero sa kanya kulay green (yung sa mga lumang OS). Yun lang, share ko lang. salamat.

  3. Naku nadagdagan na naman magiging dahilan ko para umiwas sa mga china brand. Para mas sigurado kahit pa mga mahal na china brand ay tanggalin ko na lang sa listahan.

  4. di lang naman sa mobile eh pati yung ibang laptop, netbook etc install kayo ng firewall para makita nyo kung saan nagkokonek yung gadget nyo. wag na kayo magugulat kung makita nyo sa china.

  5. Ang galing talaga ng tactics ng apple, since walang bumili nung iphone 7, ikakalat naman nila ito. typical apple B.S.

  6. Halos lahat naman ata ng phones eh gawa sa China. I mean hindi naman na doon sya binuo pero kada phones or gadgets natin eh may isang parts dyan na made in China. At dahil anti-China si Trump I’m sure kung malaman nya itong balita eh gagawa sya ng action about this issue kung naka upo na sya.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this: