Low-cost Android phones are secretly sending your messages and contacts to China

The company sold over five million smartphones in the US alone last year.

blue-vivo-5-05.jpg
(Image: Sarah Tew/CNET)

Fears of backdoors in Chinese smartphones just became a reality to millions of users.

Security researchers have found preinstalled software in some Android phones that monitors a user's contacts, messages, and locations -- and every three days, sends that data to China, according to The New York Times, which first covered the story.

You heard that right.

One of those phone makers affected is Blu, a smartphone maker based in Florida, which confirmed that 120,000 of its phone included one of these backdoors.

The company said in a brief statement that a third-party application, known as Adups, had "been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers," and has since issued a software update to remove the feature.

The researchers at security firm Kryptowire said that the firmware "could identify specific users and text messages matching remotely defined keywords," but was also able to execute remote commands with system privileges and remotely reprogram the devices.

It's not known if the Adups software was part of a Chinese intelligence operation or for data mining, the Times pointed out.

Blu may not be a widely known company, but the company specializes in offering unlocked phones. Last year alone it sold over five million unlocked devices.

These low-cost phones are found on Amazon, at BestBuy, and other major retail outlets, and are a massive hit around Latin America and lower-economically viable regions.

It's not known if other devices are affected.

Shanghai ADUPS Technology Co., Ltd., the Chinese software company behind the Adups software, says on its website that it also serves ZTE and Huawei, two Chinese technology giants.

A US congressional investigation said in 2012 that Huawei and ZTE networking hardware contained backdoors that could be used for espionage, but the two companies denied the charges. The investigators suspected the Chinese could compromise US government networks that use the technology, but that didn't extend to smartphones.

In a lengthy statement, Adups said that it has "taken customer and user privacy very seriously" and uses the data to screen out junk texts and calls from advertisers."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All