A new backdoor that was recently discovered in budget Android devices is sending user location data, text messages, and call logs to a server in China every 72 hours, and no one seems to know the reason why. First reported on by the New York Times on Tuesday, the backdoor was discovered by security firm Kryptowire.
According to the New York Times report, the backdoor comes in the form of pre-installed monitoring software that collects the above-mentioned information. The Times said that American authorities are unsure if the data is being collected for advertising purposes, or if it is an actual governmental effort at surveillance.
One of the most interesting aspects of this backdoor is that it is an intentional piece of the software on these devices. That, as noted by The Verge, makes it a feature of the device and not an exploited vulnerability.
The software was developed by a Chinese company called Shanghai Adups Technology Company, which claims the code is active on more than 700 million Android devices. According to the Times, it predominantly affects international users and those who use prepaid Android devices, but the total impact of the backdoor isn't fully known. However, the Times did note that American Android manufacturer, BLU Products, had 120,000 of its phones affected.
According to documents provided to BLU by Shanghai Adups Technology Company, the code was originally written for another Chinese company, to help them monitor phones, the Times reported. Additionally, Shanghai Adups Technology Company's website claims they work with smartphone manufacturers ZTE and Huawei.
However, a Huawei spokesperson said: "Huawei takes our customers' privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them."
Additionally, an official statement from ZTE USA read: "We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected."
A Google official told the New York Times that it had asked Shanghai Adups Technology Company to remove the software from devices running the Google Play Store. Also, Kryptowire has taken its findings to the US government.
The discovery comes at a turbulent time for Android, as recent malware discoveries claimed to put millions of devices at risk of dealing with fake advertising and other issues. The news also adds more fuel to the conversation around backdoors in smartphones, sparked by Apple's battle with the FBI over privacy concerns earlier this year.
The 3 big takeaways for TechRepublic readers
- A backdoor on some Android devices is sending call logs, location data, and full text messages to a Chinese server, as reported by the New York Times.
- The backdoor appears to be a feature and not an exploit, as the code was intentionally added to the operating system for the purpose of gathering information, the Times reported.
- The discovery of this backdoor could reopen the conversation around smartphone privacy started by Apple and the FBI in early 2016.