A lot of people in the US have a prejudice against chinese products. Some simply do not believe in the quality and some are more concerned about their privacy. And this news is certainly not going to make a lot of you guys happy. Included for free with some Android phones is “a backdoor that sends all your text messages to China every 72 hours.”
The security firm Kryptowire has uncovered a backdoor in the firmware installed on low-cost Android phones, including phones from BLU Products sold online through Amazon and Best Buy.
Preinstalled software on these phones keeps track of where you go, who you talk to, and what you write in text messages. The backdoor software, initially discovered on the BLU R1 HD, sent massive amounts of personal data about the phone’s and their users’ activities back to servers in China that are owned by a firmware update software provider. The data included phone number, location data, the content of text messages, calls made, and applications installed and used.
This is clearly intentional and is not an exploit in the Android software.
“American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence,” reports the New York Times
The software was developed by a Chinese company called Shanghai Adups Technology Company, which claims the code is active on more than 700 million Android devices. It predominantly affects international users and those who use prepaid Android devices, but the total impact of the backdoor isn’t fully known.
A BLU official talked to ArsTechnica and said that only “limited number of BLU devices” are affected and that the “affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.” However, the Times did note that American Android manufacturer, BLU Products, had 120,000 of its phones affected.
According to documents provided to BLU by Shanghai Adups Technology Company, the code was originally written for another Chinese company, to help them monitor phones. Additionally, Shanghai Adups Technology Company’s website claims they work with smartphone manufacturers ZTE and Huawei. Huawei’s name popping up in such a report is definitely not a good sign for the company when it is trying to carve out a niche for itself in the American market.
A Google official told the New York Times that it had asked Shanghai Adups Technology Company to remove the software from devices running the Google Play Store. Also, Kryptowire has taken its findings to the US government.
Are you using any BLU or other cheap Android devices? Tell us what you think about this in the comments below.