Spyware was installed natively by the Chinese company AdUps over 700 million Android devices to collect data of their users.
The IMEI number, SMS and history calls, camera position or the contact list and the applications used … These data collected on many smartphones, tablets and connected objects running on Android worldwide and transmitted every 72 hours to a server located in China without permission of their owners. Kryptowire , a company specializing in computer security, discovered the vulnerability before presenting them to the New York Times . One of its researchers found abnormal activity of a smartphone BLU R1 HD, before realizing that his aircraft regularly sent messages to a server based in Shanghai.
Tracking advertising or state espionage? The software for collecting data has been integrated natively on these devices by the Chinese company Adups, which claims 700 million clients. It theoretically allows to better understand the use of smartphone owners. Among the affected phones included popular entry-level smartphone brands ZTE, Huawei and BLU Products, who confirmed the contamination of 120,000 of its smartphones . His model BLU R1 HD was temporarily made unavailable on Amazon. BLU Products said on its website have deployed an update to resolve the issue.
A voluntary installation and organized
AdUps reacted to the discovery of this spyware explaining that it was not for the US market, but only to China. The company also states that the data collected were not shared and have since been removed. His analysis tool is good in all cases intrusive. This spyware can track the movements of a smartphone user and the content and recipients of his messages, but also to install and update remote applications.
US authorities reserve the right to assess whether such a maneuver was pursuing advertising tracking purposes or mere oversight. Lily Lim, a lawyer for Adups living in Palo Alto, has denied any link his client with the Chinese government. Google, developer of the Android operating system, responded to the ad by asking Adups remove it from its services monitoring system, including the Google Play Store.
In July, the Chinese manufacturer Xiaomi has been accused of having installed a “back door” or “backdoor” on its smartphones. Such technology allows to install and update remote applications on mobile terminals targeted.