An alarming privacy issue has been uncovered with some Android phones secretly sending text messages, call logs and customer information back to China every 72 hours.
This was made possible by a piece of software written by Shanghai Adups Technology Company that was reportedly running on more than 700 million entry and mid-level Android phones.
Adups was discovered by US security firm Kryptowire on a BLU smartphone with authorities unclear whether the backdoor was for advertising purposes or designed as spyware.
Kryptowire says the Adups software was transmitting full text messages, contacts lists and call logs, according to a report in the New York Times.
Adups has since also admitted partnerships with Chinese manufacturers ZTE and Huawei which both sell devices in Australia.
Huawei issued a statement denying any association with Adups.
“Huawei takes our customers’ privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them,” the statement said.
ZTE also followed with its own statement denying devices in the US had the Adups software. But what does that mean for ZTE handsets sold in Australia through Telstra and Optus.
All three major Australian telcos – Telstra, Optus and Vodafone – sell Huawei devices in Australia.
ZTE’s statement read: “We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”
The industry has called for more vigilance by manufacturers following the security and privacy backdoor discovery.
Sam Skontos, Alcatel VP and Regional MD for South-East Asia and Pacific, says the possibility that Australian customer data was transmitted to a third party without their knowledge could taint Chinese manufacturers.
Alcatel and its parent company TCT Mobile has never worked with Adups and has no such firmware on its devices.
The company also sends firmware updates OTA (over the air) through its own servers and not third party servers.
“It is a sad day when we are talking about spyware on devices and the fact that some global companies think it’s OK to take security and privacy away from consumers,” Skontos says.
“This is just another example of how some Chinese manufacturers enter markets, do not disclose this type of activity to anyone including industry stakeholders, show no regard whatsoever for consumer security and privacy laws, until of course they are caught out. “Firmware updates may be issued but the damage has been done, and questions need to be asked about why this was on their handsets in the first place.
“It proves that consumers are right to be ever-vigilant about their personal information. It’s also an important opportunity for consumers to ask questions, and for all industry stakeholders to do more to ensure consumer privacy is protected above all else.
“More questions need to be asked, and when these issues are found out, more needs to be done to hold to account companies who deceive consumers.”
“Do not tar all Chinese companies with the same brush. Alcatel has a significant local presence and works hard to localise every single device. You will not find any such spyware on our devices because we respect our customers and the right to strictly protect their privacy and security.
“We have seen around the world the potential for everyday consumers to make a difference, from world politics to more everyday matters. They have the opportunity to send a clear message to the companies conducting their business like this. Consumers should be worried, but they should also be able to more easily identify the manufacturer of their handset, which may be different to the consumer branding on the handset itself.
“The responses so far from those companies named in global media reports should only worry consumers and authorities more.”