Some Android phones offered backdoor access to Chinese servers: Report

Security contractors discovered the preinstalled software in some Android phones monitoring where users go, whom they talk to and what they write in text messages

Published Date: 16 - Nov - 2016 | Last Updated: 17 - Nov - 2016
 

Software bundled with some Android smartphones is acting as a backdoor to send text messages to China every 72 hours, according to security research firm Kryptowire. Kryptowire says Adups software installed in some Android smartphones transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server.

Security contractors discovered the preinstalled software in some Android phones monitoring where users go, whom they talk to and what they write in text messages. It is unclear whether the software was preinstalled for secretive data mining or Chinese government-sponsored state surveillance. The software created by Shanghai Adups Technology Company comes preinstalled on more than 700 million phones, cars and other smart devices.

Nearly 120,000 phones from American phone manufacturer BLU Products had been affected, and the company has updated the software to eliminate the feature, reports The New York Times. Adups, in a document provided to BLU Products, says it intentionally designed the software to help a Chinese phone manufacturer monitor user behaviour. The company says the software was not intended for American smartphones.

"This is a private company that made a mistake," Lily Lim, a lawyer representing Adups, told The New York Times.

While the scope of installation of third-party software on smartphones is not clear, it could have proven to be a potential privacy risk to user data. The software also shows how Chinese companies and government are monitoring smartphone behaviour. Adups provides software to ZTE and Huawei, two of the biggest telecommunication business houses based in China.

Adups is responsible for code that lets companies remotely update the firmware of their devices. "Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software," Kryptowire told The New York Times.

Google says it has told Adups to remove the surveillance ability from phones running Google Play Store. Android phones sold in China do not offer Google Play services because of censorship concerns.

At this moment, Adups seems to have disabled its software on devices sold outside of China and claims to have deleted the data collected from users of 120,000 affected BLU smartphones. While the vulnerability doesn't seem to be severe, it's worth noting that such surveillance can have a catapulting effect on privacy.