N.Y. Times: Back door in certain Android phones sends data to Chinese servers (UPDATE)

N.Y. Times: Back door in certain Android phones sends data to Chinese servers (UPDATE)
UPDATE: We have received official statements from ZTE and Huawei. "We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected."-ZTE USA

"Huawei takes our customers' privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them."-Huawei

A story in the New York Times today reveals that some smartphones contain a secret backdoor that sends data to servers located in China. Pre-installed software on certain Android powered handsets kept track of where users went to, the phone calls they made and received, and the content of text messages that were sent. The number of devices possibly involved in sending this information to China is extremely high.

The company that wrote the software, Shanghai Adups Technology Company, says that its code runs on more than 700 million smart devices including phones and cars. The software reportedly transmitted information to China every 72 hours; according to the newspaper, those most affected are international smartphone users, and those who employ pre-paid or disposable phones.

The Times says that it isn't clear whether the collection of data is being done for advertising purposes, or for espionage reasons. In the U.S., Miami-based BLU said that the data mining software was discovered on 120,000 of its phones. The company says that it has eliminated the feature with a software update. Data sent to the Chinese servers include full text messages, contact lists, call logs and location data.

In explaining its presence on BLU phones to the company's executives, Adups said that the software was designed to help Chinese phone manufacturers track the behavior of users and was not meant to be included on U.S. phones. Adups website says that its software is found on handsets manufactured by Huawei and ZTE. Both are based in China, and Huawei is currently the third largest smartphone manufacturer in the world after Samsung and Apple.

While ZTE and Huawei both sell handsets in the U.S., it was a BLU R1 HD model that helped a security firm named Kryptowire uncover the back door. A company researcher purchased the BLU handset for an overseas trip. While setting up the phone, he realized that it was sending text messages to a server in Shanghai that was registered to Adups. Kryptowire contacted the U.S. government about its findings.

BLU CEO Samuel Ohev-Zion says that the company had no knowledge of the Adups software and says that no BLU handset runs the software today. Adups told BLU that all of the data taken from BLU customers was destroyed.



source: NYTimes

FEATURED VIDEO

31 Comments

1. phldlphn unregistered

CHY-NA!

16. neela_akaash

Posts: 1239; Member since: Aug 05, 2014

Same like Apple send user's data to US's servers. Blackberry sends user data to Canadian servers. As far as PERSONAL DATA is concerned US is far more dangerous than any other country.

18. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

I am glad that the problem is exposed. Now I am waiting for a way to detect this spyware. Anyone has any information on this?

23. middlehead

Posts: 448; Member since: May 12, 2014

From another site: "Go to Settings > Apps > Show System > Wireless Update. If your version of Wireless Update is from 5.0.x to 5.3.x, contact BLU immediately. If your version doesn’t fall into that category, you are fine, according to BLU."

35. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

19. Tanujtiwari

Posts: 84; Member since: Mar 18, 2015

One word. Xiaomi.

20. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Xiaomi is safe!?

24. HomerS

Posts: 419; Member since: Sep 19, 2014

No chinese company is safe.

27. yoghibawono

Posts: 240; Member since: May 04, 2016

Xiaomi sends it if you ALLOWED it. Mi message ahem, especially if you use China ROM, of course that is the ntural thing. Remember that xiaomi already has their own ecosystem, and their cloud storage is very much promoted. You can disable the setting

31. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

I don't normally setup third parties account be it Samsung or Xiaomi. I using Xiaomi International ROM so fingers crossed. The cat is out of the bag its just a matter of time we develop a way to detect it than it will be just another malware issue. Android is a open platform which are more prone to such problem. However, i still would prefer it over having no option to customize and getting gouged on expensive proprietary accessories.

25. piyath

Posts: 2445; Member since: Mar 23, 2012

huh... are you trying to generalize this critical security/privacy issue now? America is the wealthiest country by far. Every Chinese company wants to sell their product so badly in USA and of course they are doing that very successfully for decades now. Chinese, Korans, Taiwanese and many other countries wants to grab money from US people because they have much more money to spend compared to Chinese citizens. There is no argument about who wants whose private info more. Apple just started selling it's products in China and Apple always competes with innovation and quality products. So save your silly argument for another time.

2. JunitoNH

Posts: 1946; Member since: Feb 15, 2012

I truly always known or felt in my heart of heart, this to be true. It's why I will not use a finger print scanner, do banking, and e-mail with Chinese devices. If they can hack companies and Washington, you, us, the little guy don't stand a chance. Since they built and designed the device, back doors can reside anywhere, in the architecture of any phone. One day you get up, and wonder how someone obtained your credit card information.

3. kiko007

Posts: 7493; Member since: Feb 17, 2016

"Shanghai Adups Technology Company, says that its code runs on more than 700 million smart devices including phones and cars. The software reportedly transmitted information to China every 72 hours; according to the newspaper, those most affected are international smartphone users, and those who employ pre-paid or disposable phones." Oh lawd......

30. yoghibawono

Posts: 240; Member since: May 04, 2016

just like every US based companies being distributed outside of US; users of Apple India, Apple Asia etc data will be transmitted to the head quarter server, no? Exact same thing. In the era of social media like this and you guys are afraid of your data being stolen? once you input that apple ID, google ID.. your data/personal information is already stored and accessible by others.

4. NarutoKage14

Posts: 1312; Member since: Aug 31, 2016

If I'm correct, China made back doors mandatory for Chinese manufacturers. This doesn't surprise me one bit setting as how Chinese companies have been accused multiple times of doing this. One reason why I will never buy a phone from a Chinese based manufacturer. If I'm going to be spied on the government I live under is enough.

5. Zylam

Posts: 1810; Member since: Oct 20, 2010

Android eh.

6. HugoBarraCyanogenmod

Posts: 1412; Member since: Jul 06, 2014

Wow people still trust new York times after the results? Sorry I'm not buying it

7. kiko007

Posts: 7493; Member since: Feb 17, 2016

Seriously, put down the blunt man......

8. iLovesarcasm

Posts: 589; Member since: Oct 20, 2014

Bunch of paranoid white people, do you still believe in these Uncle Sam's propaganda?

9. j2001m

Posts: 3061; Member since: Apr 28, 2014

Does the oneplus have this problem, time to stop buying that phone just in case

10. ausnote4

Posts: 40; Member since: Nov 25, 2014

I was always worry about this but this kinda proves it. I was so tempted to get the Huawei Mate 9 but will have to wait for Samsung Note 8 or Samsung A810 or Samsung C9 Pro. Still using Note 4 after returning Note 7 :( If Samsung is listening Note 8 spec -5.9" to 6" quad hd or higher super amoled screen -SD Card -IR BLASTER (leave it in, convenient to use and not search for remote control) -MHL (I need this to dock in my multimedia dock, wireless/s beam is too flaky) ->3500mah batteries -water proof

12. Ironboned

Posts: 77; Member since: Jun 16, 2016

Another popcorn article from iPhonearena. Bulls**t, this article is bulls**t

14. lnguyen7186

Posts: 27; Member since: May 30, 2011

""iPhones users be aware"" after all Apples products are assembled/ made in CHINA

15. lnguyen7186

Posts: 27; Member since: May 30, 2011

Just about everything in the U.S. are from China nowadays. Trump will FIX this!!!

17. TheOracle1

Posts: 2148; Member since: May 04, 2015

This is a storm in a teacup and not unusual. All phone manufacturers have a version of this type of software. Here's a link to their website. Make your own conclusions: https://www.adups.com/article/show_article.php?id=162

28. ibend

Posts: 6747; Member since: Sep 30, 2014

"Adups told BLU that all of the data taken from BLU customers was destroyed" yeah right.. destroyed...we should believe whatever this spy maker said...

29. Beijendorf unregistered

I was interested in buying a Huawei or Xiaomi, but now... meh. I'm put off. The NSA scandal was bad enough. I'd rather not get data mined by TWO faceless entities, one of whom is a frickin advertisement agency.

33. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

I didn't buy them out of the kindness of my heart. I buy them believing in their value for money proposal. The first XiaoMi Mi Max I bought online has un-removal malware in ROM detected by malwarebytes, I sent it back and bought another one from a shop un-open and allow me to install malwarebytes to scan the phone. Inconvenience yes, but I really like the phone and its low price.

34. Wilsherekate5

Posts: 1; Member since: Nov 17, 2016

My husband use to be a big time cheat,and i was curious of getting proofs about it for real then i saw recommendations about mastershield55@gmail.com online and never hesitated to contact him,He asked me for some few information about my husband mobile device no personal info was asked for also,i provided it all to him and in less than 24 hours i was getting too see my husband text messages,call logs and as well as whats app messages as they come into his phone,i was able to get good and solid proof for my Antony to file a divorce,if you are having similar issues i would advice you contact mastershield55@gmail.com tell him Wilshere Kate referred you.

36. bell123

Posts: 1; Member since: May 02, 2017

Do you know it is possible to boost your credit score? Find out if your husband or wife is cheating on you or hiding something from you? Do you want to hack any email account, mobile phone, facebook, website? Delete criminal records or change your grades? Contact: reputablehacker@gmail.com

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.