Is China spying on US citizens using cheap smartphones?
That is the question in everybody's minds after reports indicating budget Android phones made in China are secretly sending personal data including text messages to a company in China.
The New York Times mentioned in an article that the privacy breach was discovered by security contactors from Kryptowire and that the cause of the breach was a pre-installed software.
According to Chinese company that created the software, it was accidentally installed in the cheap smartphones that sold for around $50 in the United States. One confirmed brand that transmitted data to China is the BLU R1 HD. Other devices are yet to be named.
Authorities believe the secret feature that sends the date through a backdoor' can be because of either two reasons: 1) the company is collecting data for advertising purposes or 2) the Chinese government is collecting intelligence.
Either reason is of course not acceptable. Many have already voiced their concern and alarm including the security firm that discovered the illegal data mining, Kryptowire.
Tech Crunch got hold of a copy of the press release released by Kryptowire and here is part of what it said:
"These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices."