Software installed on cheap Android phones sends user data to China
In November 2016, the security contractor Krytowire discovered that cheap Chinese Android phones often include pre-installed software that monitors users' locations, messaging, and contacts, and sends the gathered information to China every 72 hours. Shanghai Adups Technology Company, the Chinese firm responsible for the software, said its code had been installed on more than 700 million phones, cars, and other devices without informing users, but that it was not intended for American phones. The discovery highlighted the vulnerability of the supply chain and companies' ability to hide functionality from end users. In this case, Adups said the functionality was provided on request to help the Chinese phone manufacturer identify junk text messages and calls. When phones from one of the manufacturers, Blu, was found to be still sending data to China, the Federal Trade Commission launched an investigation. In 2018, Blu settled with the Federal Trade Commission in which the company agreed to undergo third-party checks every two years for the next 20 years and was prohibited from misleading the public about how it protects privacy.
tags: China, Android, smartphones, Internet of Things, supply chain, covert surveillance, Adup
Writer: Matt Apuzzo and Michael S. Schmidt; Alfred Ng
Publication: New York Times; CNet
Publication date: 2016-11-15; 2018-05-01