Security contractors recently discovered that up to 700 million Android phones, cars, and smart devices have pre-installed firmware that secretly sends your private personal information to China every 72 hours without the user’s consent. Kryptowire, the security firm that is responsible for discovering the secret firmware, states that the full contents of text messages, contact lists, call logs, location information and other data is transmitted to a Chinese server every 72 hours via text message.
The company states that “budget smartphones” were most likely to carry the firmware. It was first discovered on the Android BLU R1 HD that sells for just $50.
The firmware was created by Shanghai Adups Technology Company. The company has confirmed that code written by their company runs on more than 700 million devices thanks to their partnership with two of the largest cellphone manufacturers in the world, ZTE and Huawei.
Some companies, such as BLU Products, are fighting back against this non consensual data mining by removing the firmware from their devices. The company’s chief executive, Samuel Ohev-Zion, told reporters:
“It was obviously something that we were not aware of. We moved very quickly to correct it.”
Ohev-Zion went on to say that Adups assured BLU products that the collected data has been destroyed. Adups released a document claiming that an unidentified Chinese manufacturer asked for the code to be written so that they may store call logs, text messages, and other data which could then be used for “customer support.” The company’s lawyer, Lily Lim, claims Adups was simply providing a feature requested by phone companies.
Kryptowire has noted that they have informed all companies that carry phones running the firmware. At this time it is believed the data is being collected for marketing purposes. American officials are investigating to determine whether or not the Chinese government was involved in any way.