
Chinese Spyware Found On 700 Million Android Phones


Adups, a Chinese startup, is using its software, which comes preinstalled on many Android phones, to snoop on users.

The firmware, whose main function is to allow updates via an internet connection, has been “sending massive amounts of sensitive personal data to [Chinese] servers,” according to Trustlook. The gathered information reportedly includes phone numbers, location data, text message content, voice call metadata, and user-installed applications. Trustlook found that Adups gathered data for a period starting in July and continuing for approximately 6 months.

Following a technical investigation of the Adups firmware, Trustlook found that a user’s data was sent to servers in China every 72 hours. What's more, 43 manufacturers use the software on their products, including Lenovo, BLU, ZTE, and Logicom. 

Users who are worried that they might be affected by this surveillance can install Trustlook’s free Mobile Security App, which scans for the hidden app known as “Android.Trojan.Adups.” 

According to BGR, most of the manufacturers only supply devices to Asian markets and smaller, very local markets. BLU, which has a larger distribution, has already taken action to keep Adups' spying under wraps.

A ZTE spokesperson told Cyberscoop, “We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not.”

The spyware was discovered by Kryptowire in November. Researchers said that the spyware was so well hidden that it was almost impossible to detect. 

Kryptowire’s vice president, Tom Karrygiannis, said: “The traffic was encrypted multiple times and the servers that were being used were also part of the firmware checking and updating process.”

“Even if an average user was able to notice the traffic, he/she would not be able to understand what this traffic was about,” Karrygiannis said. “Given that this same domain was used for firmware updates, it is highly unlikely that the users or an internet provider for that matter, would have recognized the traffic as [personal identifiable information] transmission because it was camouflaged as part of the firmware updating/checking process.”

“The Department of Homeland Security was recently made aware of the concerns discovered by Kryptowire and is working with our public and private sector partners to identify appropriate mitigation strategies,” said Department of Homeland Security spokesperson Marsha Catron. “We also encourage all Americans to take precautions to ensure the security of their data and personal information, including using strong passwords, maintaining up-to-date antivirus software and minimizing the amount of personal data they share online.”

Sources: Trustlook (2) (3), BGR, Cyberscoop / Photo credit: Flickr via BGR
