03:45 GMT13 June 2021
Listen Live
    Get short URL

    A Chinese software company called Adups, whose firmware comes pre-installed on some 700 million Android devices, has been found to be able to collect personal information from users without their knowledge or consent.

    Security analyst firm Kryptowire first discovered the privacy breach in November 2016. Adups data mining was revealed almost by accident by a Kryptowire employee who discovered a backdoor allowing information to be leaked. After that, antivirus manufacturer Trustlook dug deeper and the scope of the privacy violations facilitated by Adups was quickly shown to be significant. The Adups data collector was found to collect text messages, call history, and device information from phones upon which it is installed.

    Adups denied that the software is used to collect private user data, but was instead put in place "to identify junk text messages and calls." They then referred to the installation of it on US phones as a "mistake."

    The majority of Android phones that use Adups are smaller companies that only release devices in Asia. However, BLU Products (which claims to have sold 35 million devices in the Western hemisphere) and several other well-known manufacturers including Lenovo and ZTE also install Adups firmware on their smartphones. BLU announced that they will no longer use Adups firmware on their phones, switching it out for one made by Google. Lenovo, ZTE, and others have followed suit.

    Another endangered piece of hardware? Barnes and Noble’s NOOK Tablet 7, which, unlike a mobile phone, cannot remove its Adups firmware with a software update. Fred Argir, Barnes and Noble chief digital officer, issued a statement that Adups does not collect personal information from any of their users. He also said that the bookseller is working on a way to remove Adups from NOOK.

    Trustlook advises Android users to upgrade their firmware to the latest version as soon as possible if they believe their phone may have privacy-violating software such as Adups installed.

    Android devices typically rely on third party hardware and software, and thus are seen as more vulnerable to security breaches than their Apple counterparts. A piece of malware called "Gooligan" infected over a million Android devices in late November, putting control of the devices into the hands of hackers. Most of the compromised phones were in Asia. In August, mobile security experts found that the 900 million Android phones made with circuits from the component maker Qualcomm were highly vulnerable to cyberattacks.


    Android Army: Google to Train 2 Million Mobile Developers in India
    Spies Can Track Android Phone Users Just by Watching Battery Use
    Apple Quarterly Profit Drops 19% Amid Lower iPhone Sales - Statement
    Ahmed Mansoor: The Man Behind the iPhone Hack by Secret Israeli Cyber Firm
    Over 1Mln Google Accounts Breached by Android Malware Campaign Gooligan
    digital surveillance, digital privacy, privacy, software, spyware, Barnes and Noble, Android, China
    Community standardsDiscussion