Just when you thought Android security couldn't get worse, it did. German security vendor G Data discovered a high-end Android phone - the Star S9500, but sold under other names - with factory-installed spyware burned into firmware.
Disguised as the Google Play Store, the spyware runs in the background and is undetectable by users. It covertly sends data to a server in China and can install new applications.
But at least you're getting a lot of phone for your money: capacitive 5" HD IPS touch screen; quad-core processor; 1GB RAM; 8MP camera; Android 4.2; dual-SIM card support; second battery; car charger; and a second cover. All for as low as $135 online with no contract.
Who could ask for more? Especially since the Samsung S5's manufacturing cost is estimated to be over $250.
And feast your eyes on the could-be-mistaken-for-an-iPhone styling:
G Data says this about the spyware:
. . . the firmware contained the Trojan Android.Trojan.Uupay.D, disguised as the Google Play Store. The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly. The program also blocks the installation of security updates.
Ebay has taken the phone off their site, but if you hurry you can still get it on Amazon.
The Storage Bits take
Expect to see this gambit repeated on other phones. There's a couple of billion naive people who'd like a nice smartphone and can't afford a name brand.
The obvious flaw in the S9500 strategy is the price: it's suspiciously low. That's a very easy problem to fix.
The longer term problem is that criminals will try to alter the firmware in brand name phones which, after all, are all manufactured in China. Folks who poison baby formula for profit can't be underestimated.
Bottom line: You get what you pay for. If it seems too good to be true, it probably is.
Comments welcome, as always. Are smartphones overpriced?