Report: Android Firmware Sent Personal Data to China

...

A number of budget Android smartphones are suspected of sending text messages to China every 72 hours.

Security firm Kryptowire, which first reported the secret backdoor on Tuesday, blamed a firmware developed by Shanghai Adups Technology Company.

The majority of monitoring activities used Adups' Firmware Over The Air (FOTA) update system, developed in response to user demand to screen out junk texts and calls from advertisers.

"Since its founding, Adups FOTA has taken customer and user privacy very seriously," the organization said in a statement published Wednesday.

But the software, according to Kryptowire, transmits sensitive personal data without disclosure or user consent.

Tech Radar released a list of affected models from Miami-based mobile manufacturer Blu. Owners of the R1 HD, Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL, or Energy Diamond are encouraged to check their phone by navigating to Settings > Apps > Menu > Show System > Wireless Update. If it is running 5.4.0.3.004, you're in the clear, Tech Radar said. If it reads 5.0.x to 5.3.x, however, you should contact Blu immediately.

It remains unclear how many of the handsets were sold in the US.

These devices relay information like text messages, contact lists, call history (with full telephone numbers), and unique device identifiers, Kryptowire explained. The firmware also collected details about the use of installed applications, and is able to remotely program the gadget.

Shanghai Adups, however, claims this is all a misunderstanding; a simple mistake that has since been rectified.

"In June 2016, some Blu Product, Inc. devices applied a version of the Adups FOTA application that inadvertently included the functionality of flagging junk texts and calls," the company statement said. "When Blu raised objections, Adups took immediate measures to disable that functionality on Blu phones."

It also confirmed that no information—text messages, contacts, phone logs—was disclosed, and any data received from a Blu phone during that period was deleted.

"Also, Adups has been working to further improve the privacy protections in its products. Adups sincerely apologizes to its partners and users," it continued. "We will enhance process management and work to improve transparency, and deliver high-quality products and best service to provide the best possible data security for all our customers."

Neither Google nor Blu immediately responded to PCMag's request for comment.

ZTE, meanwhile, maintains that none of its US devices "have ever had the Adups software installed on them, and will not," the mobile manufacturer told Android Headlines.

Categories
GAMES
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    New USB-C Spec Could Spell the End of Headphone Jacks

    Apple isn't the only one who wants to say farewell to the 3.The USB Implementers Forum (USB-IF) last week announced new specs that pave the way for audio to be transmitted via USB-C ports.
  • 5300c769af79e

    Mobile Devices: Smartphones, Tablets, Hybrid Laptops

    Michelle MaistoBy Freelance Writer, 4/20/2016ReadPost a Comment "It is easy to call on Congress to take on an issue -- but you better be prepared.Nathan EddyBy Freelance Writer, 4/20/2016ReadPost a Comment @Charlie Babcock   That is a good point about the revenue is probably.
  • 5300c769af79e

    Tinder Bans Users Under 18

    Tech-savvy teens will have to find a new way to make personal connections: Tinder is reportedly barring users under the age of 18.A Tinder spokeswoman declined to comment further, pointing PCMag to the statement published by TechCrunch.
  • 5300c769af79e

    Secure App and Data Delivery for a Mobile Financial Services Workforce

    Download Mobility can enable greater productivity for financial services organizations and open new channels to customers within the branch and beyond -- but it also brings complications for IT.With a strategic and secure digital workplace, financial institutions can respond faster to compliance mandates, cybersecurity threats, and consumer and employee demands.