ISLAMABAD ( MEDIA REPORT )
A Chinese manufacturer has installed ‘backdoor’ software on 700 million Android phones that shares data without users knowing.
The software forces the phones to send all the device’s text messages to a server in China every 72 hours.
A lawyer representing the company that created the firmware said it was designed for a Chinese client and never intended for use on phones elsewhere.
WHAT THE FEATURE DOES
- The feature was discovered by Virginia-based security firm Kryptowire.
- The software forces the affected phones to send all the device’s text messages to a server in China every 72 hours, the analysts said.
- The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the affected Android devices.
- The devices actively transmitted user and device information including ‘the full-body of text messages, contact lists, call history with full telephone numbers’ and identifiers, Kryptowire said.
But one Miami-based phone manufacturer, BLU Products, said 120,000 of its phones had been affected and it has updated the software to eliminate the feature.
The feature was first discovered by Virginia-based security firm Kryptowire.
‘Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users’ consent,’ a statement issued today said.
- Security experts found pre-installed software in some Android phones
- It monitors where users go, who they call and what they write in messages
- It is not known whether this is for advertising purposes or other reasons
- At least 120,000 US phones were affected, but software has been updated
- Up to 700 million phones elsewhere in the world may also be impacted
‘These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD.’
The devices actively transmitted user and device information including ‘the full-body of text messages, contact lists, call history with full telephone numbers’ and identifiers, the company said.
Shanghai Adups Technology Company, a Chinese company, designed the software to help a Chinese phone manufacturer monitor user behaviour.
Adups claims to have a worldwide presence with a market share exceeding 70 per cent across over 150 countries and regions with offices in Shanghai, Shenzhen, Beijing, Tokyo, New Delhi, and Miami.