Samsung, Xiaomi can access, see and sell the data on your cell phone?

August 18, 2021, by Santiago Comment

It was the cause for which BLU was sued and it is not the only brand. For the same reason, the Trustlook security firm he found than 42 other cell phone brands, including several recognized as Lenovo, ZTE, Hisense, Mediatek Helio and Gionee, they carried the same spyware that Bold Like Us was sued for. Such spyware collected the private data of users, such as the content of SMS, your contacts or call log and sent them to servers in China.

All this revolved around the Chinese company Shangai AdUps Technologies. It was the one that manufactured the software for those mobile brands. A component of this software, which was responsible for updating the Android system over the Internet (OTA Update), is the one that carried out this work of obtaining user data and sending it to AdUps computers in China, for “advertising purposes.” . This update application performed this collection and shipping process automatically every 72 hours. Additionally, this software had a backdoor or “backdoor” through which this company, or any person or entity, you could have remote access to those affected computers.

The cell phone brands that carried AdUps spyware

Aaron Electronics
Aeon Mobile
All Win Tech
Amoi Technology
Archos
OF
Bird
BLU
Cellon
Coship Mobile
DEWAV Communication Group
DEXP Digital Experience
Eastaeon Technology
Electronic Technology Co.
Gionee
GOSO
Hisense
Hongyu
Huaqin
Huiye
Inventec Corporation
Konka Group Co
Lenovo
Logicom
Longcheer
Malata Mobile
Mediatek Helio
Prestige
Ragentek
RDA Micro
Reallytek
RUIO
Sanmu
Sprocomm
Tinno
Uniscope
VSUN
Water World Technology Co.
Wind Communication
WingTech
Yifang Digital
Zhuhai Quanzhi
ZTE

In addition to users’ personal data, such as SMS, contacts, and call logs, the software was found to extract other technical data from the equipment, such as IMEI, MAC address, and Android version.

Archos and other NON-Chinese brands were also affected

When the BLU company was accused that its devices carry this spyware, it replied that it “had not authorized” AdUps to configure its software with this functionality (I put it in quotes, because BLU had already said that it “did not know” about the backdoor and rootkit found by Bitsight on a previous occasion). Apparently AdUps ignored this requirement and stated that it had been implemented accidentally, as it was only intended for the Chinese market. This would explain why there were several Chinese brands involved here. But the strange thing is that this software had not only been found in devices of that origin. He was also in the French brand Archos, DEXP Communication Group from Russia and Prestige from the Czech Republic.

After BLU was reported, it took action on the matter and announced the removal of this “bad” component of the software. Instead, I would use the OTA app offered by Google. I send a patch to block the functionality in the 120 thousand affected devices. In the case of ZTE, it was indicated that AdUps is not used in the ZTE Axon 7 device or in any equipment that is sent to the United States. Huawei also confirmed which has nothing to do with AdUps. Xiaomi is not listed, but that does not mean it does not have spyware.

Regardless of the measures that each manufacturer has taken on this particular situation, nothing guarantees that it will be repeated in the future without users knowing. The AdsUp component or app on Android can change name easily, for example. This could be the case until another security company detects the problem, camouflaged in another way. It is the indefinite game of cat and mouse. In 2021 you still see these types of problems from the manufacturer, even in countries like the United States.

Can you report the manufacturer for spying on your personal information on the cell phone?

BLU, Doogee, Leagoo and “small” brands come with viruses?

Can a NEW cell phone come with viruses?