Security: A security company has discovered a program on several Chinese Android smartphones that can be assimilated to a backdoor. It collects many personal data from the user to send to a server located in China.
The ecosystem of Android, its unforgiving universe. Kryptowire alerts users of Chinese smartphones running Google’s mobile OS. Some low-end models contain a program to exfilter the data from the user to a server located in china. According to the KryptoWire, just over 700 million phones could be affected by this security breach.
The company behind the program is a Shanghai-based company known as Adups Technology. This company is in charge of developing the firmware of several low-end Android smartphones sold on the main online sales sites. The company cites as example the smartphones sold by the US company BLU products among the affected phones, but the New York Times notes that Adups also counts ZTE or Huawei among its customers.
“These devices transmit information about the user and his device. The transferred data includes the contents of the messages exchanged, the contact list, the call history with all the associated numbers, and the IMSI and IMEI identifiers of the phone, “Kryptowire said in his statement. The company explained that Adups’ software also detected the presence of certain keywords in the collected data, monitored the use of applications on the phone, or executed code on the device by bypassing the protections placed In place by Android. The whole, without the user being informed at any time.
Interviewed by the New York Times on this subject, Adups spokesmen deny any collusion with the Chinese secret services and explain that the fault lies with “a private company having made a mistake. “Adups said it had realized this firmware to respond to an order from a Chinese company that wanted to exploit this data in order to know the profile of its users and improve technical support. The name of the company making the request was not disclosed. This software was not supposed to leave the Chinese market, also specifies Adups.
Kryptowire said it had warned builders potentially affected by this security breach. BLU told the New York Times that they were not aware of the firmware’s capabilities and said they had taken corrective action. Adups ensures that all the data collected on the BLU phones have been erased from the servers, at the request of the manufacturer.
Difficult to disentangle the true from the fake face of this backdoor. The capacities and the specificities of the program developed by Adups could interest the Chinese intelligence services, which Adups defends. But it is quite possible that, as Adups the clamor, this program is only used by a Chinese private company with little regard for the protection of personal data.