Inexpensive Android cellphones found to transmit user data to servers in China
‘The user and device information was collected automatically and transmitted periodically without the users’ consent or knowledge’ said the company that discovered problem
The Fairfax, Virginia company Kryptowire has shaken up the cellphone market a bit today, with its finding that certain Android cellphones, sold at retailers such as Amazon and Best Buy, are collecting user data and transmitting the data in encrypted format to servers in Shanghai, China.
“Moreover, some transmitted the body of the user’s text messages and call logs to a server in located in Shanghai. All of the data collection and transmission capabilities we identified were supported by two system applications that cannot be disabled by the end user,” the company said in a post today.
One model sold was identified as BLU R1 HD, sold at Best Buy for $49.99.
“Our findings are based on both code and network analysis of the firmware. The user and device information was collected automatically and transmitted periodically without the users’ consent or knowledge,” Kryptowire said.
“The collected information was encrypted with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai. This software and behavior bypasses the detection of mobile anti-virus tools because they assume that software that ships with the device is not malware and thus, it is white-listed.”
According to The New York Times, the software was designed so the manufacturer could keep tabs on customers, but might not have been intended for the US market.
“This is a private company that made a mistake,” said Lily Lim, a lawyer in Palo Alto, Calif., who represents Shanghai Adups Technology Co. Ltd., the company identified with the phones.
Left unanswered was why the data was being collected in the first place, no matter what country the collection was intended for.
“Our customer’s privacy and security are of the upmost importance and priority,” Adups later said in a statement.
“The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.”
In addition to the BLU R1 HD, other models involved include the Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL, Energy Diamond.
Another cellphone maker continues to deal with bad press.
CTV News is reporting that a Winnipeg man had his Samsung Galaxy S7 – not the Galaxy Note 7 – blow up in his hand while he was driving (remember kiddies, no texting while driving).
“This is a nightmare for me, I’ve never seen anything like this,” Amarjit Mann told CTV Winnipeg. Mann throw his phone out of the car to limit the damage, then went to the hospital. “I luckily threw it outside. It should have damaged my whole car.”
So, this sounds like that is good advice for Samsung cellphone owners, in general: throw the damn thing out the window before it blows up.