700 Million Androids are Secretly Sending Your Private Data to China

If you own a smartphone, you most likely own an Android phone. If so, your phone could be one of the 700 million phones which secretly sends all your data to China every 3 days.

These phones contain a backdoor of sorts which sends call logs, SMS messages, contact list, location history and app data to China every 72 hours.

Discovered in the U.S

Researchers from Kryptoware have discovered an alleged backdoor in many of the budget smartphones sold in the U.S, which collects and sends data anonymously to a Chinese server. The firmware code in these phones is developed by a Chinese firm called Shanghai AdUps Technology. The company claims that its software runs on more than 700 million devices across the world.

AdUps provides its software for smartphone manufacturers like Huawei and ZTE as well which also sell their phones in various countries all over the world. Qmobile also gets its phones from China and those phones could also be at risk. For the time being, there has been no mention of OnePlus or Xiaomi in this case.

The backdoor is said to be put there intentionally and not due to a security flaw or by an accident. The authorities are still unsure whether it only sends data for advertisement purposes or as government surveillance by China.

The Backdoor’s Capabilities

The backdoor is capable of executing these operations anonymously without the user knowing about them:

  • Collect and Send SMS texts to AdUps’ server every 72 hours.
  • Collect and Send call logs to AdUps’ server every 72 hours.
  • Collect and Send user personally identifiable information (PII) to AdUps’ server every 24 hours.
  • Collect and Send the smartphone’s IMSI and IMEI identifiers.
  • Collect and Send geolocation information.
  • Collect and Send a list of apps installed on the user’s device.
  • Download and Install apps without the user’s consent or knowledge.
  • Update or Remove apps.
  • Update the phone’s firmware and re-program the device.
  • Execute remote commands with elevated privileges on the user’s device.

The backdoor was discovered in two system applications which cannot be modified or removed by the user. They are com.adups.fota.sysoper and com.adups.fota

Kryptoware notified Google, AdUps and Amazon, which exclusively sells the BLU R1 HD phone which also contains the backdoor.

Google and AdUPs’ response

Google issued a statement saying that they are working with affected parties to patch the backdoor but they do not know how widely AdUps has distributed their software in Android phones.

AdUps said that its software was not intended to be included on smartphones sold in America and is only designed to help Chinese smartphone makers to monitor user behavior.

No matter what the company says, the issue is significant and in a world where privacy concerns are growing backdoors like this make you wonder whether you are truly safe or not. There’s also the aspect that US is known to blow a situation out of proportions when it comes to China while the US government themselves have been accessing user data through hacks and backdoors for ages.

Via The Hacker News

A techie, gamer, and Senior Editor at ProPakistani.

  • We all know how trustworthy this news is as it can have political reasons. What I read is about BLU phones and not this 700 Million figure, that’s strange
    We know US has been accessing user data from Google and others and recently Yahoo scanned 500 Million emails for NSA and Edward Snowden revelations are there and even Google Allo app stores your personal data so i’m not sure what credibility US has in accusing others when it’s the biggest player in spying.
    Article by : Swati Khandelwal
    @ProPakistani does any other major website confirms 700 million figure?
    P.S : the story is from a New York Times and imagine the credibility of this news from a western presstitute media, it’s almost laughable considering the leading role spying by US so it’s okay for US and bad for others if they do spy!!

    • This is where the 700 million figure is from: http://www.kryptowire.com/adups_security_analysis.html
      straight from the horse’s mouth

      Anybody who spies is in the wrong, US has been doing it for ages, not saying that we should be ok with it. US Freedom Act that was passed this year limited the data they can collect so its not all doom and gloom either.
      Still this doesn’t stop NSA or the US government from spying on the its citizens.

      As for China, i can’t say anything for sure. ZTE and Huawei are mentioned above as well aside from BLU.

  • US karay to koi baat nai…..
    China nay kar lia to its all over the media….
    P.S….. Privacy in advanced countries is myth now.

    • Don’t forget Edward Snowden and recent Yahoo privacy nightmare.
      Abhi confirm be nhe ke china ne kiya ya nhi bas NYT main aik bande ny story daal di bas and propakistani nay be story copy/paste ker di.

  • My body & health condition will be Normal when then Girl remained with me some month . This is only solution .

  • This is Just BS. US jealous of the Chinese progress. This is all to decrease sales of Chinese phones to US and other parts of the world.

  • it is quite unbelievable coz chinese confuscianist philosophy eems to be hidden agenda by us neocons. doesnot teach them to do some thing below the belt.

  • close