Spyware subsidizes high-end Android phone

Spyware subsidizes high-end Android phone

Summary: We're all used to crapware subsidizing Windows PCs. Now firmware-based spyware is subsidizing Android phones. Here's what to look for.


Just when you thought Android security couldn't get worse, it did. German security vendor G Data discovered a high-end Android phone - the Star S9500, but sold under other names - with factory-installed spyware burned into firmware.

Disguised as the Google Play Store, the spyware runs in the background and is undetectable by users. It covertly sends data to a server in China and can install new applications.

Great specs 

But at least you're getting a lot of phone for your money: capacitive 5" HD IPS touch screen; quad-core processor; 1GB RAM; 8MP camera; Android 4.2; dual-SIM card support; second battery; car charger; and a second cover. All for as low as $135 online with no contract.

Who could ask for more? Especially since the Samsung S5's manufacturing cost is estimated to be over $250.

And feast your eyes on the could-be-mistaken-for-an-iPhone styling:

Source: Star

G Data says this about the spyware:

. . . the firmware contained the Trojan Android.Trojan.Uupay.D, disguised as the Google Play Store. The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly. The program also blocks the installation of security updates.

Ebay has taken the phone off their site, but if you hurry you can still get it on Amazon.

The Storage Bits take
Expect to see this gambit repeated on other phones. There's a couple of billion naive people who'd like a nice smartphone and can't afford a name brand.

The obvious flaw in the S9500 strategy is the price: it's suspiciously low. That's a very easy problem to fix.

The longer term problem is that criminals will try to alter the firmware in brand name phones which, after all, are all manufactured in China. Folks who poison baby formula for profit can't be underestimated.

Bottom line: You get what you pay for. If it seems too good to be true, it probably is.

Comments welcome, as always.  Are smartphones overpriced?

Topics: Mobility, Android, Hardware, Malware, Smartphones, Storage

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Nice of you to warn Amazon

    Amazon UK have removed it - I've submitted a warning to Amazon.com.
    • Glad to help!

      Really, Amazon has hundreds working on security and they didn't catch this before eBay? Or me? G Data is a long time security software vendor. Nobody in Seattle has an RSS feed?

      But I feel better about the Fire phone's premium price. No spyware there!

      R Harris
      • Errr

        You think eBay, or Amazon or others actually check to see if third party sellers will allow them to check what they are selling? Even then, someone selling this phone can give one that isn't infected. No way anyone can test them all.
        "Amazon has hundreds working on security " - and you know that how? Just how many? 300? 500?
        Read the article, most phones come from China. I'm sure the Fire is. ....
  • Tip-offs?

    From the G Data blog linked in the article:

    "After receiving tip-offs from customers ... The spy function is invisible to the user ..."

    If the trojan is invisible to Android users, what prompted the tip-offs? Was it due to the "app with the Google Play Store icon in the running processes"? Is this abnormal behavior for a legitimate Android device?

    Am also curious whether or not one could install CyanogenMod (or another AOSP mod) on the device and bypass the spyware ...
    Rabid Howler Monkey
    • Possible additional clues ...

      o deleted logs (were all logs deleted or only those related to the trojan?)
      o failure to apply security updates (many Android devices, including some from OHA members, don't get security updates)
      Rabid Howler Monkey
    • Cyanogen mod

      I'd doubt you could install cyanogen or another mod, simply because the article specifies the malware as being in the firmware; I'd be surprised if you can root the phone.
      • This mod might work


        Especially, if it can be installed on an SD card and one can boot from said SD card (as the firmware is hosed).

        P.S. The Star S9500 supports a TF card up to 32 GB.
        Rabid Howler Monkey
  • Important datum is missing

    What's the brand name?
    John L. Ries
    • John, thanks for the catch!

      I've added the brand name early on, but in surfing the web I saw it under other names - thus the picture.

      R Harris
  • For sale many places

    A quick Google search reveals many places selling them for $130 and up.
  • Price is No Indicator of Security Flaws

    I'd advertise caution in assuming a phone at a higher price is more secure.
  • Knox

    Knox may not be spyware, but it's pretty invasive. My S3 is bootlocked so I cannot load CM or other custom Android ROMs. However, I have used Titanium to "freeze" all the crapware from Samsung and Verizon. If this phone can be rooted could you just freeze the Play Store and sideload apps that you get from another source?
    • Root it and then Sideload and then ...

      Really worth all the BS to save a few bucks? Get an iPhone or a Windows phone, a lot easier and cleaner.
      Woned B. Fooldagan
      • But an iPhone isn't really yours

        A device that the vendor ultimately controls in perpetuity isn't yours even if you bought it.
        John L. Ries
        • This particular Android smartphone model isn't yours either

          It's controlled by malware miscreants.
          Rabid Howler Monkey
  • Spyware subsidizes high-end Android phone

    The U.S. carriers had their own spyware on some of the phones and didn't subsidize it. I remember that scandal from a few years ago. They claimed the software was to allow for testing for cell signal strength and performance. Best to stay away from anything based on android.
    • Yup.

      Blackberry all the way!