Software from the company Adups collects practically all private data from Android phones and can silently install apps on the device. It was developed at the request of a Chinese provider. Its use in other areas was a mistake.
Software from the Chinese company Shanghai Adups Technologies, which is built into the Android operating system of cheap smartphones, spies on the phones' users and uploads personal data to servers in China. The update mechanism for the device firmware (Firmware Over the Air, FOTA) analyzes user behavior to allow manufacturers and providers to offer users targeted advertising. According to Adups, the software is installed on over 700 million devices worldwide. The manufacturer BLU Products, whose devices are sold exclusively on Amazon, is affected, as are larger providers such as ZTE.
The data siphoned off includes phone numbers, phone-specific information such as the IMEI, the contents of text messages, the exact location, the complete connection history and the apps installed on the device. According to the security firm Kryptowire, which examined the software under laboratory conditions, Adups can also install apps on the device and execute commands. The software circumvents Android's permission system and is difficult to track down if you don't know what you are looking for. Since antivirus programs typically assume that software that ships with the device is harmless, they have remained ineffective in this case.
The software encrypted the collected data and uploaded it in JSON format to multiple servers with Chinese domains which, judging by their names, are controlled by Adups. Most of the data was collected every 24 hours; text messages and the connection history were transferred every 72 hours. Kryptowire works closely with the U.S. Homeland Security Agency but, by its own account, investigated this case independently and came across it by accident. A researcher at the company bought a BLU R1 HD as a cheap phone for a trip abroad and noticed strange network traffic while setting it up.
All just a mistake
Exactly which devices are affected is unknown. A spokesman for Adups Technologies told the New York Times that his company had made a mistake. This was not a government espionage operation, according to the tenor of the statement. The affected devices were intended for the Chinese market, and the espionage capabilities had been developed at the request of Chinese equipment manufacturers and. heise Security has so far been unable to verify whether the spy software is installed on BLU devices that were offered as imports in German online shops. It is nevertheless conceivable.
BLU announced that an over-the-air update had removed the espionage capabilities from the devices, after Kryptowire had informed the manufacturer as well as Adups, Google and Amazon. Huawei, which the Times also named as a customer of Adups software, has since stated that it has never worked with the company in any way.
The case is in some ways reminiscent of the Carrier IQ software that was discovered in December 2011 on millions of smartphones from different manufacturers. That software, too, was meant to collect user data for manufacturers and providers. The case caused quite a stir at the time and led to a series of lawsuits against the maker of the software. Among other things, the U.S. trade commission FTC initiated legal action. (fab)