Cheap Smartphones in the U.S. are Secretly Stealing Your Personal Info and Sending it to China

Cheap Smartphones in the U.S. are Secretly Stealing Your Personal Info and Sending it to China

November 17, 2016
A tech security firm has discovered that some cheap Android smartphones sold in the U.S. have been extracting users’ personal data and then transmitting them to a China-based company. 
Commercial firmware pre-installed on some Android smartphone models sold in the U.S. has been found to be secretly sending highly sensitive data to Shanghai Adups Technology Co. Ltd., a maker of Firmware Over The Air (FOTA) update software systems, TechCrunch reported. 
The Chinese company was able to spy on users’ phones through pre-installed commercial firmware, according to security firm Kryptowire. Without the phone users’ knowledge or consent, the firmware collects personal data such as text messages, call logs, contacts, app usage data and  location.
Subscribe to
NextShark's Newsletter

A daily dose of Asian America's essential stories, in under 5 minutes.

Get our collection of Asian America's most essential stories to your inbox daily for free.

Unsure? Check out our Newsletter Archive.

 Adups, which installed and controlled the firmware, said it was just a mistake that it got installed on phones sold in the US, noting that the phones with such installation are only intended for the local market. It also claimed to have deleted all accidentally harvested data after the fact-finding team reached out to them regarding the findings.
One such phone with the embedded firmware is the BLU R1 HD, which can be bought in many stores and on for just $50. The report, however, which has not released a full list of compromised brands and models.  
BLU has since released a statement that its phones are no longer harvesting data. A total of 120,000 BLU smartphones had previously been affected.
Kryptowire explained how the firmware hijacks the smartphone via a press release:
“These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.”
Kryptoware has also sent the report to the U.S. government, which is now investigating the matter.
      Ryan General

      Ryan General is a Senior Reporter for NextShark




      Many people might not know this, but NextShark is a small media startup that runs on no outside funding or loans, and with no paywalls or subscription fees, we rely on help from our community and readers like you.

      Everything you see today is built by Asians, for Asians to help amplify our voices globally and support each other. However, we still face many difficulties in our industry because of our commitment to accessible and informational Asian news coverage.

      We hope you consider making a contribution to NextShark so we can continue to provide you quality journalism that informs, educates, and inspires the Asian community. Even a $1 contribution goes a long way. Thank you for supporting NextShark and our community.

      © 2023 NextShark, Inc. All rights reserved.