Nov 15th, 2016

We’re not sure what’s up with all the questionable data gathering practices in China, but another episode of privacy-busting spyware is plaguing phones from the country. Security firm Kryptowire has discovered that a number of phones from Chinese smartphone manufacturers are loaded up with some troubling software.

The software can read the full contents of text messages, your contact list, location data, and more, and that data is seemingly being shipped off to a server somewhere in China.

Unlike a similar issue that cropped up earlier this year, it seems the software being put on these devices were intentionally placed. The software is made by Shanghai Adups Technology Company, a software contractor who is in business with the likes of BLU, Huawei, and ZTE.

adups-fota

A look at Adups’ American website.

It’s designed to help manufacturers gather what we would hope is anonymous usage data to see how they can make their smartphones better. But if the scope of information being sent is accurate, they’re doing way more than checking out UI and UX interactions.

BLU was the manufacturer whose phones first brought the issue to light, and the company did, in fact, confirm that 120,000 of its phones had Adups software on it and has already issued an update to remove it. BLU claims that they were unaware of the software’s habits.

Furthermore, Adups doesn’t seem to think the practice is unusual or bad, with their only concern being that the version of software which collects this extensive data was not meant to be used on American versions of handsets. And it’s pretty clear why, too — anyone who happens to discover such data gathering methods is likely to immediately suspect the Chinese government of spying.

hacking

But no one knows if that’s the case, and the early word seems to be that this was a simple error. Whether it’s right for the company to be offering such services at all is an issue for foreign policy experts and folks who live under the heavily-censored Chinese domain, so we won’t be getting into that here. (And if you care to learn more on that front, Kryptowire says they will submit their findings to the American government.)

For their part, Adups says that whether they should disclose these data gathering practices is not up to them, but rather it’s the manufacturers’ responsibility to effectively communicate with consumers in their own privacy policy documents. That’s a pretty global understanding of outsourced privacy-sensitive software from where we stand, so we’re hoping any other manufacturers doing business with Adups will look deeper into their own devices and clarify the extent of this software’s scope on all their devices.

[via New York Times]

local_offer    BLU