Consumers who purchased Android smartphones (usually the “disposable” kind that run about $50 apiece) may have signed up for more than they bargained for. The New York Times reports that some models secretly sent data to China. The firmware in those models secretly sent owners’ text messages, contacts, app usage data and even a user’s location to a third party company in China every 72 hours. Scary stuff.
Security firm Kryptowire first discovered the issue, but authorities are working to discover whether the hack is part of a data-mining operation for advertising purposes or a covert information dig by the Chinese government to collect information. The scope of the problem is potentially huge, as “the Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices” However, when manufacturer BLU Products became aware that 120,000 of its smartphones were part of the issue, they swiftly set about a software update to remedy the issue.
Lily Lim, a lawyer representing Adups, told The Times the firmware was initially built at the request of an anonymous Chinese client in order to battle spam text messages, and “This is a private company that made a mistake.” However, U.S. authorities are not ruling out the possibility this was an excuse for the Chinese government to collect user data.
(Via The New York Times)