A mobile security firm Kryptowire has discovered that Thousands of China made low-priced Android phones contain malicious software that are sending users’ personal data back to China.
China-made smartphones are so much in demand especially the Android phones manufactured by firms like ZTE and Huawei. Android phones are always the preferred choice of over 80% smartphone users across the globe and with the emergence of low-cost alternatives to the highly expensive Galaxy Phone series from Samsung and/or Google’s luxurious Pixel, android fans are buying Chinese phones quite frequently. These phones are not only less expensive than the other available options but also come fully equipped with all the latest technologies and apps.
However, a research report from security company Kryptowire, which was published in the New York Times, has revealed a startling fact about the so overwhelmingly popular Chinese android phones. According to the company, these phones continuously transfer private user data to China after every 72 hours. The culprit is secret software that runs in the background of an unidentified number of Android phones.
The malicious software has been newly discovered and it is developed by another Chinese firm Shanghai Adups Technology co. According to Kryptowire’s research, this software is present in countless Android phones and transmits data directly to servers in China. Currently, there are no clear reports regarding how many of such devices are present in the United States and the total number of affected users around the globe.
According to Kryptowire, this software does much more than simply transferring information to servers in China. It also collects the entire content of the “text messages, contact lists, call logs, location information and other data,” on the mobile and this data is then sent to a Chinese server.
It is also not clear, as of now, whether the software collects data for advertising purposes or for intelligence agencies.
A spokesman from Adups stated that the firm is a private enterprise and the software is nothing else but “a mistake,” the company is not associated with the Chinese government. It is alleged that the software was developed for aiding customer support for an unidentified Chinese company, which is one of the clients of Adups.
It seems that the customers in the US who use their phone internationally and users of prepaid phones are the most affected ones. A US-based phone company BLU has announced that its 120,000 phones have been affected and the company has already updated these devices to fix the issue.
Kryptowire was able to discover this software while one of its researchers bought an inexpensive BLU R1 HD phone while leaving for a trip overseas. While he was setting up the device, he noted an “unusual network activity” and for about a week, he noticed that the phone was transmitting text messages to a server in Shanghai that was registered with Adups. Also, it has been identified that the software bypasses the device’s anti-virus protection because it is present by default in the device.