Report: 700M Android Phones Contain Chinese Spyware
Some cheaply made Android phones are reportedly sending copies of text messages to a Chinese source every 72 hours. The official explanation is that international customers have unintentionally received handsets with a "feature" designed for Chinese users.
A security firm named Kryptowire made the discovery. It found that hidden software preinstalled in phones was contacting a Chinese server every three days and passing on details including contacts lists and call logs. The software also sent back daily updates with the full content of text messages and location data. (Source: arstechnica.com)
How many phones are affected is as yet unclear. One American company, BLU Products, says it recently updated 120,000 phones to remove the code, immediately after becoming aware of it. The Chinese company which wrote the software, Adups, says its code is on around 700 million devices worldwide, including phones and other Internet-connected devices including cars. The code also made it possible to remotely search for messages containing specific keywords.
Code Explained As Junk Text Detector
According to Adups, it was a mistake that the code ended up on US devices. It says a Chinese manufacturer asked for the code as a quality control tool to make it easier to track unwanted marketing text messages. (Source: nytimes.com)
Other than that, Adups isn't giving much detail and won't say which specific handsets might still be affected. That's particularly problematic seeing as Kryptowire says the code is extremely well hidden on the phones. It says the only way it found out about the software was following a lengthy technical analysis, which later revealed what was truly going on.
Chinese Connection Raises Eyebrows
The code is part of the firmware, which is software that operates the phone itself rather than individual applications. Normally manufacturers reveal when they make changes and update to this firmware, but that doesn't appear to have been the case here.
While this incident is being explained away as a blunder, the fact that the data is going to China may arouse some concerns. While Adups says it has no affiliation with the Chinese government, it would hardly be shocking to discover officials in the country are trying to get hold of communications data about Chinese citizens, or indeed foreign users.
What's Your Opinion?
Do you buy the explanation of why the "spy" code was on the phones? Does this deter you from buying independently-manufactured handsets such as those running Android? Do you trust manufacturers to properly vet the code on their phones?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Blu Smartphones
If this doesn't quantify as spying, I don't know what is. Thanks for the heads up on this John! I own two Blu Smartphones (no longer in operation). Since the spyware is firmware related, the only way to defeat it would be to either: (a) flash the phone to another firmware or, (b) block the Chinese servers in question using the hosts file. In the latter case this may not be enough as the IPs for the servers may change, which will only allow the spying to continue. As for flashing firmware: I have had experience with flashing my Blu Studio 5.0c HD device, but after doing so, it won't detect the carrier so I cannot send text messages or use the phone. Besides that, there is no way for me to know if the new firmware doesn't also contain spyware.
Avoids Chinese electronics
A good reason to avoid buying ANY Chinese electronics, especially if working in the government or in an industry with strict privacy/HIPAA requirements.
How does one avoid Chinese
How does one avoid Chinese made electronics when basically almost all electronics are made in China? I'm pretty sure my Samsung Galaxy S 7 was made there.
At least some parts likely
At least some parts likely are to be from China in most electronics. But at least avoid a Chinese phone manufacturer.
Samsung is Korean
Hopefully Samsung's Android OS software is written/compiled in Korea even IF the phones are manufactured in China...But I think hardware manufacturing is in Korea also.
HTC on the other hand is a Chinese company.
I don't have anything
I don't have anything sensitive on my phone for a few reasons, but mostly because It can be lost easily and it's easy to get whacked by apps. I guess I'll add this to the list.
I think the blunder excuse is possible, but not probable. Who was the computer MFG that got busted not too long ago for including monitoring 'x'-ware? We let them off the hook pretty quick on that one.
The most important thing we're missing is how to detect this mess, or did I miss something?
Forgot to mention something...where's the difference between this and what the NSA and other organizations are doing? At least with this, people can just get a different phone to thwart the invasion of privacy. Spy orgs don't give anyone that option.