23 December 2016

News Report: 700 Million Androids Pre-Installed with Chinese Spyware

A Chinese software company called Adups, whose firmware comes pre-installed on some 700 million Android devices, has been found to be able to collect personal information from users without their knowledge or consent.

Security analyst firm Kryptowire first discovered the privacy breach in November 2016. Adups' data mining was revealed almost by accident by a Kryptowire employee who discovered a backdoor allowing information to be leaked. After that, antivirus manufacturer Trustlook dug deeper and the scope of the privacy violations facilitated by Adups was quickly shown to be significant. The Adups data collector was found to collect text messages, call history, and device information from phones upon which it is installed.

Adups denied that the software is used to collect private user data, saying it was instead put in place "to identify junk text messages and calls." They then referred to the installation of it on US phones as a "mistake."

The majority of Android phones that use Adups are made by smaller companies that only release devices in Asia. However, BLU Products (which claims to have sold 35 million devices in the Western hemisphere) and several other well-known manufacturers including Lenovo and ZTE also install Adups firmware on their smartphones. BLU announced that they will no longer use Adups firmware on their phones, switching it out for one made by Google. Lenovo, ZTE, and others have followed suit.

Another endangered piece of hardware? Barnes and Noble’s NOOK Tablet 7, which, unlike a mobile phone, cannot remove its Adups firmware with a software update. Fred Argir, Barnes and Noble chief digital officer, issued a statement that Adups does not collect personal information from any of their users. He also said that the bookseller is working on a way to remove Adups from NOOK.

Trustlook advises Android users to upgrade their firmware to the latest version as soon as possible if they believe their phone may have privacy-violating software such as Adups installed. 

Android devices typically rely on third-party hardware and software, and thus are seen as more vulnerable to security breaches than their Apple counterparts. A piece of malware called "Gooligan" infected over a million Android devices in late November, putting control of the devices into the hands of hackers. Most of the compromised phones were in Asia. In August, mobile security experts found that the 900 million Android phones made with circuits from the component maker Qualcomm were highly vulnerable to cyberattacks.

This story first appeared on Sputnik & is reposted here with permission.