Budget Android phones are secretly sending users’ text messages to China

Software installed on some Android phones secretly monitored users, and even sent keyword-searchable, full text message archives to a Chinese server every 72 hours, according to research from security firm Kryptowire.

The software, which also tracked users’ location data and call logs, was written by the Chinese company Shanghai Adups Technology Company, but its purposes — state surveillance or advertising — are unknown. “This isn’t a vulnerability, it’s a feature,” Kryptowire vice president of product Tom Karygiannis told The Verge.

The news was first reported earlier in the morning by The New York Times.

Adups claims to have software running on more than 700 million, mostly low-end devices, and says it has partnered with some major manufacturers like Huawei and ZTE, but the scope of the installed software is also unclear. (Huawei and ZTE did not immediately respond to a request for comment.) At least one US manufacturer, BLU Products, was affected, with 120,000 phones found running the tracking software. The company told the Times it has since removed it.

Adups told the Times that the software was not meant for US phones.

The incident is reminiscent of a problem with HTC devices, which, through lax security, allowed malicious third parties to steal sensitive information. The company settled with the FTC in 2013 over the incident. But the Adups problem “is far more extensive,” Karygiannis says — logging more specific information on users without their knowledge, and through pre-installed software.

Adups did not immediately respond to a request for comment.

Previous Post
Next Post