Some US Androids have a backdoor, sends data to China servers: Report
People buy smartphones to make use of various services, which significantly involves making calls, sending texts, browsing the internet, sending emails and searching for locations. But many people use smartphones, unaware of the fact that some of these services are actually being used to siphon off customers’ data, every 72 hours, all the way to servers in China. One such smartphone platform that is being used for data mining is Android.
A US security firm Kryptowire recently discovered a ‘flaw’ in some Android phones. The research conducted by Kryptowire revealed that some Android phones come preinstalled with a special type of firmware developed by Shanghai ADUPS Technology Co. Ltd., a technology company based in China, which transmits entire content of text messages, call logs, contact lists, location information, and presumably other data as well, to a server in China.
Of note, on its website, ADUPS defines itself as a global FOTA (Firmware Over The Air) provider of end-to-end device management and software solutions to leading firms that rely on fast, secure and robust connected services around the world. According to the ADUPS website, it supplies software to two China-based big players in the smartphone industry, Huawei and ZTE. The company says their codes runs on more than 700 million smart devices, including smartphones and cars.
“To ensure ADUPS is providing the correct updates and services, we collect model information, device status, application information, bin/xbin information and summary information from phones and messages, and utilize the information to verify that the appropriate updates and services are sent to the correct devices,” ADUPS said on its website.
However, many experts argued that the ADUPS has deliberately designed the software to serve Chinese phone manufacturers which acknowledges user behaviour, a feature which is functioning under the hood.
On acknowledging the feature, an American phone maker BLU Products raised an objection in June 2016. According to a BLU study, about 120,000 of their phones had been affected by the ADUPS software. In response, ADUPS eliminated the functionality only on BLU phones. ADUPS also confirmed that no information associated with that functionality, such as text messages, contacts, or call logs, was disclosed to others and that any such information received from BLU devices during that period, has been deleted.
Google has been offering its Android software for free to phone manufactures with the ability to customise it accordingly. And since it is open to customisation, the operating system can be played around by third-party developers or even smartphone manufacturers to serve their own purposes. Though, Google has asked ADUPS to remove the surveillance script from phones that run services like the Google Play Store, it is yet not confirmed how many phones have already been affected by the software till date.
More information can be found here.
More information about the research by Kryptowire can be found here.
