Comforting news from The New York Times: software coming pre-installed in some budget Android phones has been secretly monitoring users and sending their info to China.
This finding comes from the security firm Kyrptowire, which told the Times that every 72 hours the software would send users’ keyword-searchable, text message archives to a Chinese server, not to mention their location data and call logs.
So, who in China knows where you’ve been, who you’ve called and what you texted? That would Shanghai Adups Technology Company. Still, it’s not clear exactly why and how many phones have been affected.
Adups claims that its software runs on over 700 million devices, primarily low-end ones. The company has partnered with major Chinese manufactures like Huawei and ZTE, but also provides software to international firms like US manufacturer BLU.
Though a “combination of happenstance and curiosity,” Kyrptowire discovered the backdoor on one of the American company’s devices, finding that it was affecting at least 120,000 of their phones. After learning about the tracking software, BLU said that it “quickly removed the security issue.”
Adups told The New York Times that the software was never meant for American phones. The company said that it had written the software at the request of an unidentified Chinese manufacturer that wanted to be able to store call logs, text messages and other user data for “customer support.”
The Chinese company added that BLU users’ data was not provided to others and has been deleted.
“In June 2016, some Blu Product, Inc. devices applied a version of the ADUPS [firmware] application that inadvertently included the functionality of flagging junk texts and calls that had been requested by other ADUPS clients,” the company said in a statement to The Verge. “When Blu raised objections, ADUPS took immediate measures to disable that functionality on Blu phones.”
Still, Adups refuses to say which other devices the software has been installed on (explaining that is the manufacturer’s job) and according to Tom Karygiannis, a vice president of Kryptowire, unless you are an expert, you won’t be able to find out for yourself.