Backdoor in some Android phones caught secretly sending data to China

Shanghai surprise.

Graham Cluley

You might be wrong to assume that when you buy a shiny new Android phone there’s nothing malicious on it.

Researchers at Kryptowire claim that several Android smartphones sold through major retailers like BestBuy and Amazon have firmware pre-installed on them which transmits sensitive information to third-party servers in China, without the owner’s knowledge or consent.

Affected handsets include the BLU R1 HD, which ships with firmware developed by Shanghai Adups Technology Co. Ltd. Selling for about $60 on Amazon, the unlocked BLU R1 HD Android smartphone is unsurprisingly a big seller.

However, the researchers discovered that personal information was being collected by Adups software every 24 hours from the phones and transmitted in encrypted form to servers in Shanghai. Furthermore, some phones were transmitting call logs and the content of text messages every 72 hours.

The data collection could not be disabled by the end user.

BLU has responded to Kryptowire’s advisory by publishing its own security notice to customers:

BLU Products has identified and has quickly removed a recent security issue caused by a 3rd party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices.

Our customer’s privacy and security are of the upmost importance and priority.

The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.

BLU’s advisory says that its R1 HD, Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL, and Energy Diamond models are impacted and goes on to describe how handset owners can confirm if their device is affected or not.

Even if BLU has resolved the issue, it doesn’t seem to have apologised to affected users or done anything to explain just why its phones were collecting sensitive personal information about its customers and their communications.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

2 comments on “Backdoor in some Android phones caught secretly sending data to China”

  1. Dean

    Almost related. Just purchased CCTV system Sannce made in China and since getting iPhone app, have been getting dodgy requests in Chinese to share picture albums on my phone and calendar dates added asking to accept. Dug a little deeper and found what looks like Chinese spam website address

  2. hya

    Hi,
    I think this issue could be resolved with rooting… at least I did it to rescue our Lead device; I rooted a LEAGOO Lead 5 that had been affected by this backdoor.

    I rooted the phone with KingRoot (from Shanghai :D) and deleted the main infection that is related to the FOTAProvider via Sophos Security (from London :D).
    After 48 hrs there are not any new infected files downloaded by FOTAProvider.

    Seems that FOTAProvider downloads infected random tools from specific servers and collected data sent back to specific servers.
    I decided to upgrade an Android One project's device for a more up-to-date device!!

    Kind regards
    hya
