On Tuesday, Nov. 15, it was reported that a large number of Android smartphones in the United States had been affected by a software called Adups that is spying on users and sending data from the infected devices back to servers in China.
Adups Spyware
According to Android Headlines, Kryptowire, the security firm that discovered the software, has announced that the software was affecting phones from various different manufacturers, including Huawei, ZTE and BLU devices. According to the original report following acknowledgement of the issue by BLU, the affected BLU phones were already fixed through a software update.
The Adups software was reportedly sending back data including text messages, call logs and location to the servers belonging to the Chinese contractor of Adups. The unidentified Chinese company is not an approved supplier of products in light of both the official statements from ZTE and Huawei, although it was also stated to have been used only for customer support.
The affected smartphones make an encrypted record of several kinds of phone data and upload it every 72 hours to the server in China. Kryptowire has announced that it discovered the firmware can be set to sift through the data for specific keywords such as names or phone numbers, capturing and transmitting only that information.
On Wednesday, Nov. 16, ZTE had also issued a statement aiming to reassure customers of ZTE devices that no smartphones in the U.S. had been affected by the Adups software. Huawei has also issued an official response on the situation, stating that the company who contracted Adups is not an approved supplier.
Despite the reassuring statements from these device manufacturers, the situation is still raising concerns for users of smartphones from any of these companies. This latest malware scandal also serves as nice reminder that customers should only be purchasing their devices through legitimate means and official retailers.
How Can You Tell If Your Smartphone Is Running This Firmware?
According to Kryptowire researchers, for most consumers there is no way to determine if the Adups firmware was running on their phone. The company's investigation involved intercepting data flowing off the phone before being sent over the internet to servers back in China.
According to the website consumerreports.org, only mobile devices running a version of the Android operating system were involved. If you are the owner of an iPhone, then you don't have to be concerned. Blu announced on its website that six of its phone models were affected, including the Studio Touch, Energy Diamond, Energy X Plus 2, R1 HD, Neo XL and Advance 4.0 L2. All of these models are low-priced phones.
ZTE and Huawei, two large smartphone makers based in China denied that their phones would be involved. Google also assured consumers that their Pixel and Nexus smartphones are not affected by the spyware issue. LG said that its phones had not been affected, while HTC and OnePlus said that they are still investigating the issue.
Blu announced on Tuesday night that it fixed the problem, but it didn't give more details. However, this incident fits into a pattern of widespread data collection and highlights concerns about privacy intrusions by technology companies. Some personal data could end up in government hands. It seems that this is a feature rather than a bug, from the Chinese censors' point of view.