FYI............WELL WHAT DO YOU KNOW ! Chinese Spyware
David M. Adam, Jr.
Report: 700M Android Phones Contain Chinese Spyware
by John Lister on November, 16 2016 at 12:11PM EST
Some cheaply made Android phones are reportedly sending copies of text
messages to a Chinese source every 72 hours. The official explanation is
that international customers have unintentionally received handsets with a
"feature" designed for Chinese users.
A security firm named Kryptowire made the discovery. It found that hidden
software preinstalled in phones was contacting a Chinese server every three
days and passing on details including contacts lists and call logs. The
software also sent back daily updates with the full content of text messages
and location data. (Source: arstechnica.com
<http://arstechnica.com/security/2016/11/chinese-company-installed-secret-ba
ckdoor-on-hundreds-of-thousands-of-phones/> )
How many phones are affected is as yet unclear. One American company, BLU
Products, says it recently updated 120,000 phones to remove the code,
immediately after becoming aware of it. The Chinese company which wrote the
software, Adups, says its code is on around 700 million devices worldwide,
including phones and other Internet-connected devices including cars. The
code also made it possible to remotely search for messages containing
specific keywords.
Code Explained As Junk Text Detector
According to Adups, it was a mistake that the code ended up on US devices.
It says a Chinese manufacturer asked for the code as a quality control tool
to make it easier to track unwanted marketing text messages. (Source:
nytimes.com
<http://www.nytimes.com/2016/11/16/us/politics/china-phones-software-securit
y.html
Other than that, Adups isn't giving much detail and won't say which specific
handsets might still be affected. That's particularly problematic seeing as
Kryptowire says the code is extremely well hidden on the phones. It says the
only way it found out about the software was following a lengthy technical
analysis, which later revealed what was truly going on.
Chinese Connection Raises Eyebrows
The code is part of the firmware, which is software that operates the phone
itself rather than individual applications. Normally manufacturers reveal
when they make changes and update to this firmware, but that doesn't appear
to have been the case here.
While this incident is being explained away as a blunder, the fact that the
data is going to China may arouse some concerns. While Adups says it has no
affiliation with the Chinese government, it would hardly be shocking to
discover officials in the country are trying to get hold of communications
data about Chinese citizens, or indeed foreign users.