Some bad news for budget Android smartphone owners, though we’re not sure exactly which devices are affected. It looks like many budget Android devices have been sending personal information and data to China via some sneaky firmware. Security firm Kryptowire says it has discovered custom firmware on some budget Android phones that was sending highly sensitive information back to a third-party company in China. Included in that information were texts, calls, GPS location, app usage, and more. The company who made the firmware (Shanghai Adups Technology Co. Ltd ) is claiming it was mistakenly installed on phones sent to the US and meant for phones sold in China only. Kryptowire had this to say about the situation:
These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords.
The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.
Kryptowire is unsure how many devices are affected and there is no list but it seems it may only be budget Android devices feeling this pinch at the moment. This has been a concern in the past when it comes to Chinese made phones, Huawei was almost banned by Congress because of it.
In an interview with the NYT, a lawyer representing Adups said the firmware functionality was built at the request of an unidentified Chinese client who intended it to be used to combat spam text messages and for customer support. Although the paper notes US authorities aren’t ruling out the possibility it might have been a Chinese government effort to collect intelligence on US mobile users.
We’ll try and update you as we can. What do you think of this report from Kryptowire? Does buying phones from Huawei, Lenovo, Moto, Meizu or Xiaomi make you nervous? Let us know in the comments below or on Twitter, Facebook and Google+.Source: TechCrunch