Chinese firm caught installing spyware on Android devices
18 Nov 2016
A global Chinese software company is on the radar after the US media reported that it ''left a backdoor'' on its American users' Android phones to secretly send massive amounts of user data to China every 72 hours.
US media reported Wednesday that Kyptowire, a mobile security firm, discovered that Shanghai Adups Technology Co, a software provider of end-to-end device management and software solutions to leading firms, transmitted full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users.
''Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence,'' a New York Times report said.
''International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear,'' it said.
''Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users,'' said Tom Karygiannis, vice president at Kryptowire, which is based in Fairfax, Virginia.
Adups on Friday refuted the media reports. It told China's state-run Global Times that no information associated with the functionality of its software on users' mobile phones, such as text messages, contacts, or phone logs, was disclosed to others.
''We are very regretful to see that some overseas media, without knowing the company's business well, made subjective conjecture and published a distorted report, which caused a bad effect,'' the company said.
On 28 October, Adups agreed with BLU to stop the software's operation and any information received from a BLU phone was then deleted, the Chinese daily quoted the company as saying.
Adups has since apologised for any error in a written statement. ''This is a private company that made a mistake,'' Lily Lim, a lawyer who represents Adups, told the New York Times.