Chinese company installed secret backdoor on hundreds of thousands of phones
In "mistake," AdUps collected data from BLU Android phones in US.
By Sean Gallagher
Security firm Kryptowire has uncovered a backdoor in the firmware installed on low-cost Android phones, including phones from BLU Products sold online through Amazon and Best Buy. The backdoor software, initially discovered on the BLU R1 HD, sent massive amounts of personal data about the phones and their users' activities back to servers in China that are owned by a firmware update software provider. The data included phone number, location data, the content of text messages, calls made, and applications installed and used.
The company, Shanghai AdUps Technologies, had apparently designed the backdoor to help Chinese phone manufacturers and carriers track the behavior of their customers for advertising purposes. AdUps claims its software runs updates for more than 700 million devices worldwide, including smartphones, tablets, and automobile entertainment systems. The surveillance feature of the software was developed specifically for the Chinese market, the company says, and was unintentionally included in the software for BLU devices.