Pre-installed software on certain Android phones monitored customers and sent data to China, a U.S. security firm discovered.
The software, which was written by Shanghai Adups Technology Company, collected call logs, text messages, location information, contacts, and other user data and stored it on a Chinese server at the request of an unidentified client, another Chinese company. Data is sent to China every 72 hours, according to the New York Times.
“This is not a vulnerability, it’s a feature,” Kryptowire, the security firm and Department of Homeland Security contractor that discovered the bug, told reporters. Adups claims it designed the software to collect data for “customer support.”
It is unclear whether this constitutes secretive data mining for advertising or other commercial purposes or if it’s a Chinese state-sponsored attempt to gather intelligence, NYT noted.
Adups’ software is active on more than 700 million smart devices used in over 200 countries and regions. How many of those products are in the U.S. is unknown, but at least one U.S. mobile phone manufacturer has been impacted by the software.
BLU Products reported that 120,000 phones were affected by the tracking software, but it has since updated its software and received an assurance from Adups that the collected data has been destroyed.
“It was obviously something that we were not aware of. We moved very quickly to correct it,” BLU told reporters.
Adup’s software spied on customers without their knowledge or consent, Kryptowire revealed. The code is most likely to be present in cheap prepaid and disposable phones.
The software was reportedly intended to track users at home in China and was supposedly never meant to be deployed in the U.S.
“This is a private company that made a mistake,” Adups’ lawyer Lily Lim told NYT reporters, adding the company is not affiliated with the Chinese government. Adups did not provide any specific information on its client though.
Lim further noted that phone companies are responsible for presenting privacy policies to customers — however, these companies may not have been aware that the software was collecting user data.
Kryptowire has presented its findings to the U.S. Department of Homeland Security, which is “working with public and private sector partners to identify appropriate mitigation strategies.”
Send tips to ryan@
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.