Well now... security researchers have discovered many models of Android smartphones that feature a secret backdoor that is sending all of your data to servers in China.
The authorities aren't 100% clear on whether this is another attempt at mining data for advertising purposes, or whether the Chinese government is scooping up as much information as it can for its own intelligence. But never fear, security firm Kryptowire discovered multiple models of smartphones that had firmware that collected "sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent".
A company named Shanghai Adups Technology Co Ltd used pre-installed firmware over-the-air (OTA) update software that was monitoring these devices without detection. Adups was able to obtain the users' location, who they talk to, contact lists, and the content of text messages, as well as countless amounts of personal data. The International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) were also part of the data that Adups was taking, which was being sent every 72 hours.
Kryptowire said: "The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices".
Even after multiple layers of encryption, the data was still being sent to Adups, but how did they get around anti-virus tools? The backdoor software was pre-installed on the device, so anti-virus software would assume that it shipped with the device and was okay, and that it wasn't malware - even though it was.
This isn't just a mistake, as Adups intentionally designed the backdoor software to help an unnamed Chinese smartphone manufacturer monitor user behavior, Adups explained to BLU executives. BLU is an American phone manufacturer, which discovered that over 120,000 of its smartphones had the backdoor software pre-installed - but they've since updated the software, removing the feature.
Lily Lim, a lawyer representing Adups, said: "This is a private company that made a mistake". Uh... how is it a "mistake"? Leaving the milk out after preparing your cereal, that's a mistake. Writing the wrong word on your spelling test, that's a mistake. Saying that console gaming is superior to PC gaming, another mistake - but intentionally baking spying software into devices is far from a mistake.
Lim added that Adups wasn't in cahoots with the Chinese government, assuring that all of the information that it collected from BLU customers had been destroyed. Sure. Sure it was.